CVE-2026-1334

High

Published: 16 February 2026

Published

16 February 2026

Modified

26 February 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0002 5.8th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1334 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in 3Ds Solidworks Edrawings. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Attachment (T1566.001); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Spearphishing Attachment (T1566.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates CVE-2026-1334 by requiring timely application of vendor patches to fix the out-of-bounds read vulnerability in SOLIDWORKS eDrawings EPRT file parsing.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Identifies affected systems running vulnerable SOLIDWORKS Desktop 2025-2026 versions through vulnerability scanning tailored to this specific CVE.

SI-3 Malicious Code Protection partial match

preventdetect

Scans and blocks malicious EPRT files exploiting the vulnerability before user interaction and opening in eDrawings.

MITRE ATT&CK Enterprise TechniquesAI

T1566.001 Spearphishing Attachment Initial Access

Adversaries may send spearphishing emails with a malicious attachment in an attempt to gain access to victim systems.

attack.mitre.org →

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

OOB read in EPRT parser enables RCE via malicious file opened by user (social engineering/phishing delivery + user execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

Deeper analysisAI

CVE-2026-1334 is an Out-Of-Bounds Read vulnerability (CWE-125) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-02-16, the flaw has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and enables arbitrary code execution when a user opens a specially crafted EPRT file.

An attacker can exploit this vulnerability by delivering a malicious EPRT file to a target user, such as via email, file sharing, or other social engineering means requiring local access and user interaction. No privileges are needed (PR:N), and the attack has low complexity (AC:L). Successful exploitation grants high-impact confidentiality, integrity, and availability effects (C:H/I:H/A:H) within the user's scope (S:U), typically resulting in remote code execution under the user's context.

The vendor's security advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1334 provides further details on mitigation and patches for affected SOLIDWORKS Desktop releases. Security practitioners should consult this advisory for specific remediation steps.