High (7.8)

CVE-2026-1334:

An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attack...

Overview

A significant security vulnerability has been identified in SOLIDWORKS eDrawings, a widely used application for viewing and sharing 3D models and 2D drawings. This flaw could allow an attacker to take control of an affected system.

Vulnerability Explained

In simple terms, the vulnerability exists in the part of the software that reads specific 3D model files (EPRT files). Due to a programming error, the software does not properly check the boundaries of the data it is reading from a malicious file. This “Out-of-Bounds Read” error can be exploited to trick the software into executing malicious code embedded within the file by the attacker.

Affected Software:

  • SOLIDWORKS eDrawings from SOLIDWORKS Desktop 2025 through SOLIDWORKS Desktop 2026.

Potential Impact

The primary risk is that an attacker could create a specially crafted EPRT file designed to exploit this flaw. If a user opens this malicious file with a vulnerable version of eDrawings, the attacker could potentially execute arbitrary code on the victim’s computer. This could lead to:

  • Full system compromise.
  • Installation of malware, ransomware, or spyware.
  • Theft of sensitive design data or intellectual property.
  • Lateral movement within a corporate network.

The vulnerability is rated as HIGH severity with a CVSS score of 7.8, indicating a considerable threat, especially in engineering and design environments.

Remediation and Mitigation Steps

Immediate action is required to protect your systems.

  1. Apply Official Updates: Dassault Systèmes, the developer of SOLIDWORKS, has released security updates to address this vulnerability. You must update to a patched version of SOLIDWORKS eDrawings as soon as possible. Check with your SOLIDWORKS administrator or reseller for the specific update pertaining to your release.
  2. Exercise Caution with Files: Until updates are applied, users should be extremely cautious with EPRT files received from untrusted or unexpected sources. Do not open such files.
  3. Network and Email Filtering: If possible, use email gateways and network security tools to block or quarantine EPRT file attachments, especially from external senders, as an interim measure.
  4. Principle of Least Privilege: Ensure users do not operate with administrative privileges on their workstations. This can help limit the impact of potential code execution.
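
One way to implement the interim attachment filter from step 3, shown as an added example (not code from the advisory or from Dassault Systèmes): a Python check that a mail-filtering hook could run on a raw message to flag EPRT attachments, including ones inside a ZIP attachment. The function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = ".eprt"  # eDrawings part files named in the advisory


def is_blocked(name: str) -> bool:
    # Case-insensitive; Windows drops trailing dots/spaces from file names.
    return name.strip().rstrip(". ").lower().endswith(BLOCKED_EXT)


def find_eprt_attachments(raw_message: bytes) -> list[str]:
    """Names of EPRT attachments, including members of ZIP attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        if is_blocked(name):
            hits.append(name)
            continue
        payload = part.get_payload(decode=True) or b""
        # One level of ZIP only; nested archives are not unpacked here.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits += [f"{name}!{m}" for m in zf.namelist() if is_blocked(m)]
    return hits


def build_sample(filename: str, data: bytes) -> bytes:
    """Constructed message with one attachment (sample data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "engineer@example.com"
    msg["Subject"] = "Updated part"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("bracket.EPRT", "drawing.pdf"):
        verdict = "QUARANTINE" if find_eprt_attachments(build_sample(fn, b"x")) else "deliver"
        print(fn, "->", verdict)
```

A filter like this matches on file name only, so it is a stopgap until the patched eDrawings release is installed, not a replacement for it.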

Reference: This vulnerability is tracked as CVE-2026-1334. Please refer to official communications from Dassault Systèmes for the most detailed and current patching information.
