Cyber Posture

CVE-2026-1333

High

Published: 16 February 2026

Modified: 26 February 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1333 is a high-severity Use of Uninitialized Variable (CWE-457) vulnerability in 3DS SOLIDWORKS eDrawings. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 5.8th percentile by exploit likelihood (EPSS), below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mitigates CVE-2026-1333 by requiring timely remediation of the uninitialized variable flaw in SOLIDWORKS eDrawings via vendor patches.

prevent

Provides memory protection mechanisms that hinder exploitation of the uninitialized variable vulnerability leading to arbitrary code execution in EPRT file parsing.

prevent, detect

Malicious code protection scans and blocks execution of arbitrary code triggered by specially crafted malicious EPRT files in SOLIDWORKS eDrawings.

MITRE ATT&CK Enterprise Techniques

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Direct RCE via a crafted EPRT file opened by a user maps to the malicious file execution technique.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Deeper analysis

CVE-2026-1333 is a Use of Uninitialized Variable vulnerability (CWE-457) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-02-16T14:16:18.003, the flaw carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables arbitrary code execution upon opening a specially crafted EPRT file.

The attack vector is local (AV:L): exploitation occurs when an attacker tricks a user into opening a malicious EPRT file on the affected system. It requires no privileges but relies on user interaction. Successful exploitation allows arbitrary code execution in the context of the affected application, with high impact on confidentiality, integrity, and availability.

Dassault Systèmes has published a security advisory with further details at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1333, which security practitioners should consult for mitigation and patching guidance.

Details

CWE(s)

CWE-457 (Use of Uninitialized Variable)

Affected Products

Vendor: 3ds
Product: solidworks edrawings
Versions: 2025, 2026

CVEs Like This One

CVE-2026-1335 (same product: 3DS SOLIDWORKS eDrawings)
CVE-2026-1334 (same product: 3DS SOLIDWORKS eDrawings)
CVE-2025-0601 (same vendor: 3DS)
CVE-2025-0826 (same vendor: 3DS)
CVE-2025-0598 (same vendor: 3DS)
CVE-2025-0599 (same vendor: 3DS)
CVE-2025-0829 (same vendor: 3DS)
CVE-2025-0832 (same vendor: 3DS)
CVE-2025-0828 (same vendor: 3DS)
CVE-2025-10559 (same vendor: 3DS)
