CVE-2026-0874
Published: 18 February 2026
Summary
CVE-2026-0874 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Autodesk Shared Components. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks at the 10.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SI-2 requires timely flaw remediation, directly mitigating this vulnerability by mandating installation of Autodesk patches as detailed in their security advisory.
SI-16 implements memory protections such as ASLR and DEP that impede exploitation of out-of-bounds writes for arbitrary code execution even if the flaw exists.
SI-10 enforces input validation for files like CATPARTs, reducing the risk of processing maliciously crafted inputs that trigger the parser vulnerability.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
An out-of-bounds write in the file parser enables arbitrary code execution when a user opens a malicious CATPART file, which maps directly to client-side exploitation and to user execution of a malicious file.
NVD Description
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Deeper analysis [AI]
CVE-2026-0874 is an Out-of-Bounds Write vulnerability (CWE-787) with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), published on 2026-02-18. It affects certain Autodesk products that parse CATPART files, where a maliciously crafted CATPART file can trigger the vulnerability during processing.
An attacker with local access can exploit this vulnerability by convincing a user to open a specially crafted CATPART file through the affected Autodesk software. No special privileges are required, though user interaction is necessary. Successful exploitation may result in application crashes, data corruption, or arbitrary code execution within the context of the current process.
Autodesk has published security advisory ADSK-SA-2026-0004 detailing the issue, available at https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004. Additional information on affected products, such as Autodesk Access, can be found at https://www.autodesk.com/products/autodesk-access/overview. Practitioners should consult these resources for patch availability and mitigation guidance.
Details
- CWE(s)