CVE-2026-1335
Published: 16 February 2026
Summary
CVE-2026-1335 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 3DS SOLIDWORKS eDrawings. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 7.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and remediation of flaws such as the out-of-bounds write in SOLIDWORKS eDrawings EPRT file parser via vendor patches.
Implements memory protection safeguards like DEP and ASLR to prevent exploitation of memory corruption vulnerabilities including out-of-bounds writes leading to arbitrary code execution.
Deploys malicious code protection mechanisms to scan and block execution of code triggered by specially crafted EPRT files exploiting the vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds write in the EPRT file parser enables RCE when a malicious file is opened in the local client application, which maps directly to Exploitation for Client Execution and User Execution: Malicious File.
NVD Description
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
Deeper analysis
CVE-2026-1335 is an Out-Of-Bounds Write vulnerability (CWE-787) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-02-16, the vulnerability allows an attacker to execute arbitrary code when a user opens a specially crafted EPRT file. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
An attacker with local access can exploit this vulnerability with low complexity and no required privileges, provided the user interacts by opening a malicious EPRT file. Successful exploitation leads to high-impact compromise of confidentiality, integrity, and availability, enabling arbitrary code execution on the affected system.
Mitigation details are available in the vendor security advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335.
Details
- CWE(s)