CVE-2026-1284
Published: 26 January 2026
Summary
CVE-2026-1284 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 3Ds (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 3.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-1284 is an Out-Of-Bounds Write vulnerability (CWE-787) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-01-26T14:15:57.020, the vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables arbitrary code execution when a user opens a specially crafted EPRT file.
Exploitation requires an attacker to deliver a malicious EPRT file to a target user, who must then open it locally in the affected eDrawings software. No special privileges are needed (PR:N), but local access (AV:L) and user interaction (UI:R) are required, with low attack complexity (AC:L). Successful exploitation has a high impact on confidentiality, integrity, and availability, allowing arbitrary code execution in the context of the user.
Mitigation guidance is available in the vendor security advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1284.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4703
Vulnerability details
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
- CWE(s): CWE-787 (Out-of-bounds Write)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OOB write in local file parser enables RCE via crafted EPRT file opened by user (T1204.002).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses this out-of-bounds write vulnerability by requiring timely application of vendor patches from the security advisory to prevent arbitrary code execution.
Memory protection safeguards such as address space layout randomization and data execution prevention mitigate the impact of out-of-bounds writes during EPRT file parsing, blocking unauthorized code execution.
Information input validation on EPRT files checks for malformed data before processing, reducing the risk of buffer overflows in the eDrawings file reading procedure.