Description
A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.
Published: 2026-06-01
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the serialization mechanisms of Teamwork Cloud and Magic Collaboration Studio allows an unauthenticated attacker to supply crafted data that is deserialized without proper validation. This flaw, classified as CWE-502, gives attackers the ability to execute arbitrary code with the privileges of the application, potentially leading to full compromise of the system and exposure of sensitive data.

Affected Systems

The affected products are Dassault Systèmes Teamwork Cloud – Business, Business Pro, Enterprise, and Standard Editions, and Magic Collaboration Studio. All releases from No Magic Release 2022x through No Magic Release 2026x for Teamwork Cloud and from CATIA Magic Release 2022x through CATIA Magic Release 2026x for Magic Collaboration Studio are impacted. Specific patch versions are not listed in the available data.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV, suggesting that exploitation has not yet been observed in the wild but remains a high theoretical risk. The likely attack vector is the deserialization of untrusted data received via application interfaces, which an attacker can exploit without authentication to run arbitrary code. The impact includes full system compromise, data theft, and potential persistence if the attacker can execute code with service-level privileges.

Generated by OpenCVE AI on June 1, 2026 at 11:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Dassault Systèmes’ latest patch for Teamwork Cloud and Magic Collaboration Studio as soon as it is released.
  • If the patch cannot be applied immediately, limit network exposure of endpoints that accept serialized data by applying firewall rules or IP whitelisting to block unauthenticated external access.
  • Enable comprehensive application logging for deserialization events and implement monitoring to detect abnormal payload patterns, supplementing with intrusion detection rules where possible.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Dassault, Dassault magic Collaboration Studio, Dassault teamwork Cloud Enterprise Edition, Dassault teamwork Cloud Standard Edition, Dassult, Dassult teamwork Cloud Business Edition, Dassult teamwork Cloud Business Pro Edition |
| Vendors & Products | | Dassault, Dassault magic Collaboration Studio, Dassault teamwork Cloud Enterprise Edition, Dassault teamwork Cloud Standard Edition, Dassult, Dassult teamwork Cloud Business Edition, Dassult teamwork Cloud Business Pro Edition |

Mon, 01 Jun 2026 13:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 01 Jun 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution. |
| Title | | Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2026-06-01T13:10:31.858Z

Reserved: 2026-05-05T11:42:41.151Z

Link: CVE-2026-7858

Vulnrichment

Updated: 2026-06-01T13:10:27.399Z

NVD

Status: Awaiting Analysis

Published: 2026-06-01T09:16:20.990

Modified: 2026-06-01T17:57:39.180

Link: CVE-2026-7858

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:54:53Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data