CVE-2026-1335

Severity: High

Published: 16 February 2026
Modified: 26 February 2026
KEV Added: -
Patch: -
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1335 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in 3DS SOLIDWORKS eDrawings. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks at the 7.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-1335 is an Out-Of-Bounds Write vulnerability (CWE-787) in the EPRT file reading procedure of SOLIDWORKS eDrawings. It affects SOLIDWORKS Desktop releases from 2025 through 2026. Published on 2026-02-16, the vulnerability allows an attacker to execute arbitrary code when a user opens a specially crafted EPRT file. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, provided the user interacts by opening a malicious EPRT file. Successful exploitation leads to high-impact compromise of confidentiality, integrity, and availability, enabling arbitrary code execution on the affected system.

Mitigation details are available in the vendor security advisory at https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335.

Vulnerability details

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The out-of-bounds write in the EPRT file parser enables arbitrary code execution when a user opens a malicious file in the local client application, which maps directly to Exploitation for Client Execution and User Execution: Malicious File.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-1333 (same product: 3DS SOLIDWORKS eDrawings)
CVE-2026-1334 (same product: 3DS SOLIDWORKS eDrawings)
CVE-2026-27273 (shared CWE-787)
CVE-2026-33854 (shared CWE-787)
CVE-2026-27622 (shared CWE-787)
CVE-2026-21342 (shared CWE-787)
CVE-2026-34682 (shared CWE-787)
CVE-2026-34681 (shared CWE-787)
CVE-2026-0659 (shared CWE-787)
CVE-2026-0875 (shared CWE-787)

Affected Assets

Vendor: 3ds
Product: solidworks edrawings
Versions: 2025, 2026

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Requires timely identification, reporting, and remediation of flaws such as the out-of-bounds write in the SOLIDWORKS eDrawings EPRT file parser via vendor patches.

Prevent: Implements memory protection safeguards like DEP and ASLR to prevent exploitation of memory corruption vulnerabilities, including out-of-bounds writes leading to arbitrary code execution.

Prevent, detect: Deploys malicious code protection mechanisms to scan and block execution of code triggered by specially crafted EPRT files exploiting the vulnerability.
