Cyber Posture

CVE-2026-1283

High

Published: 26 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1283 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in 3Ds (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 1.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly remediates the heap-based buffer overflow vulnerability by requiring timely application of vendor patches for SOLIDWORKS eDrawings.

prevent

Implements memory safeguards like ASLR and DEP to protect against arbitrary code execution from heap buffer overflows in EPRT file parsing.

prevent

Enforces validation of file inputs to mitigate malformed EPRT files that trigger the buffer overflow during processing.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Heap buffer overflow in file parser enables client-side RCE via malicious EPRT file (T1203 Exploitation for Client Execution + T1204.002 Malicious File delivery).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Deeper analysis

CVE-2026-1283 is a heap-based buffer overflow vulnerability (CWE-122) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-01-26, the vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables arbitrary code execution when a user opens a specially crafted EPRT file.

The vulnerability can be exploited by an attacker who creates a malicious EPRT file and convinces a target user to open it in the affected SOLIDWORKS eDrawings software. Exploitation requires local access to the system and user interaction, such as double-clicking the file, but no special privileges. Successful exploitation allows the attacker to execute arbitrary code, potentially compromising the system with high impacts to confidentiality, integrity, and availability.

The vendor has published a security advisory with details on mitigation at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1283.

Details

CWE(s)

Affected Products

3Ds
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-23719 (shared CWE-122)
CVE-2025-35984 (shared CWE-122)
CVE-2025-27173 (shared CWE-122)
CVE-2025-50129 (shared CWE-122)
CVE-2026-6306 (shared CWE-122)
CVE-2026-34627 (shared CWE-122)
CVE-2025-24057 (shared CWE-122)
CVE-2026-2447 (shared CWE-122)
CVE-2026-34629 (shared CWE-122)
CVE-2025-21390 (shared CWE-122)

References