Cyber Resilience

CVE-2026-1283

High

Published: 26 January 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1283 is a high-severity heap-based buffer overflow (CWE-122) vulnerability in 3Ds (vendor inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 3.0th percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-1283 is a heap-based buffer overflow vulnerability (CWE-122) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-01-26, the vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables arbitrary code execution when a user opens a specially crafted EPRT file.

An attacker exploits the vulnerability by creating a malicious EPRT file and convincing a target user to open it in the affected SOLIDWORKS eDrawings software. The attack vector is local (AV:L): the crafted file has to be opened on the target system, which requires user interaction such as double-clicking the file, but the attacker needs no privileges. Successful exploitation allows the attacker to execute arbitrary code, potentially compromising the system with high impact on confidentiality, integrity, and availability.

The vendor has published a security advisory with details on mitigation at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1283.

Vulnerability details

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

CWE(s)

CWE-122 Heap-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (Tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

A heap buffer overflow in the file parser enables client-side RCE via a malicious EPRT file (T1203 Exploitation for Client Execution + T1204.002 Malicious File delivery).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21395 (shared CWE-122)
CVE-2025-35984 (shared CWE-122)
CVE-2026-34629 (shared CWE-122)
CVE-2026-6306 (shared CWE-122)
CVE-2025-21390 (shared CWE-122)
CVE-2026-21676 (shared CWE-122)
CVE-2025-24057 (shared CWE-122)
CVE-2025-27173 (shared CWE-122)
CVE-2026-4455 (shared CWE-122)
CVE-2026-27312 (shared CWE-122)

Affected Assets

3Ds (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the heap-based buffer overflow vulnerability by requiring timely application of vendor patches for SOLIDWORKS eDrawings.

Prevent: Implements memory safeguards like ASLR and DEP to protect against arbitrary code execution from heap buffer overflows in EPRT file parsing.

Prevent: Enforces validation of file inputs to mitigate malformed EPRT files that trigger the buffer overflow during processing.
