Description
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.
Published: 2026-06-01
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the serialization mechanisms of Teamwork Cloud and Magic Collaboration Studio allows an unauthenticated attacker to supply crafted data that is deserialized without proper validation. This flaw, classified as CWE‑502, gives attackers the ability to execute arbitrary code with the privileges of the application, potentially leading to full compromise of the system and exposure of sensitive data.

Affected Systems

The affected products are Dassault Systèmes Teamwork Cloud – Business, Business Pro, Enterprise, and Standard Editions, and Magic Collaboration Studio. All releases from No Magic Release 2022x through No Magic Release 2026x for Teamwork Cloud and from CATIA Magic Release 2022x through CATIA Magic Release 2026x for Magic Collaboration Studio are impacted. Specific patch versions are not listed in the available data.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV, which suggests exploitation has not yet been observed in the wild, though the theoretical risk remains high. The likely attack vector is untrusted data that is received via application interfaces and then deserialized, which an attacker can exploit without authentication to run arbitrary code. The impact includes full system compromise, data theft, and potential persistence if the attacker can execute code with service‑level privileges.

Generated by OpenCVE AI on June 1, 2026 at 11:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dassault Systèmes’ latest patch for Teamwork Cloud and Magic Collaboration Studio as soon as it is released.
  • If the patch cannot be applied immediately, limit network exposure of endpoints that accept serialized data by applying firewall rules or IP whitelisting to block unauthenticated external access.
  • Enable comprehensive application logging for deserialization events and implement monitoring to detect abnormal payload patterns, supplementing with intrusion detection rules where possible.


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution. |
| Title | | Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-06-01T07:45:34.201Z

Reserved: 2026-05-05T11:42:41.151Z

Link: CVE-2026-7858

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T09:16:20.990

Modified: 2026-06-01T09:16:20.990

Link: CVE-2026-7858

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T11:15:27Z

Weaknesses