CVE-2026-1335: Buffer Overflow — Patch Guide
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac...
Overview
A significant security vulnerability has been identified in SOLIDWORKS eDrawings, a widely used application for viewing 2D and 3D design files. This flaw could allow an attacker to take control of a user’s computer under specific conditions.
Vulnerability Explained in Simple Terms
The vulnerability exists in the part of the software that reads EPRT files (a type of 3D part file). Due to a programming error, the software does not properly check the boundaries of the data it is processing. When a user opens a maliciously crafted EPRT file, this allows the attacker to write data into an area of the computer’s memory that they should not have access to. The corrupted memory can then be used to run the attacker’s own code on the victim’s system.
Affected Software and Impact
- Affected Versions: SOLIDWORKS eDrawings from SOLIDWORKS Desktop 2025 through SOLIDWORKS Desktop 2026.
- Potential Impact: An attacker who successfully exploits this vulnerability could execute arbitrary code on the victim’s computer. This means they could install programs, view, change, or delete data, or create new accounts with full user rights, all with the privileges of the user who opened the malicious file.
Remediation and Mitigation Steps
The primary and most effective action is to apply the official fix from the vendor.
- Apply the Official Patch: Dassault Systèmes has released security updates to address this vulnerability. System administrators and users must update their installations of SOLIDWORKS eDrawings to the latest patched version provided by the vendor. Consult the official SOLIDWORKS support portal or your account manager for the specific update.
- Immediate Mitigation (If Patching is Delayed):
  - Exercise Extreme Caution with Files: Do not open EPRT files (or any CAD files) received from untrusted or unknown sources. Treat unsolicited file attachments with high suspicion.
  - Use Principle of Least Privilege: Ensure users do not operate with administrative privileges on their workstations. This can limit the impact of successful exploitation by preventing system-wide changes.
  - Network and Email Filtering: Consider temporarily blocking EPRT file attachments at email gateways or network perimeter filters if this is a critical risk for your environment.
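One way to implement the email-side EPRT check from the mitigation list, as an added example (not vendor or advisory code): a Python function that lists EPRT attachments in a raw message, including members of ZIP attachments. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = ".eprt"  # extension named in the advisory


def _is_blocked(name: str) -> bool:
    # Windows drops trailing dots/spaces, so "a.eprt. " still opens as EPRT.
    return name.rstrip(". ").lower().endswith(BLOCKED_EXT)


def find_eprt_attachments(raw: bytes) -> list[str]:
    """List EPRT attachments in a raw message, looking inside ZIP attachments."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if _is_blocked(name):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # ZIP local-file-header magic
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:  # names only, no extraction
                    hits += [f"{name}!{m}" for m in zf.namelist() if _is_blocked(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name}!<unreadable zip>")  # fail closed
    return hits


def build_sample() -> bytes:
    """Constructed test message: one EPRT, one ZIP holding an EPRT, one PDF."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Bracket.EPRT")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("models/gear.eprt", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="drawings.zip")
    msg.add_attachment(b"%PDF-", maintype="application",
                       subtype="pdf", filename="quote.pdf")
    return msg.as_bytes()
```

A name-based check misses EPRT content that has been renamed to another extension, so it supplements the vendor update rather than replacing it.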
Summary
This high-severity vulnerability (CVSS: 7.8, CVE-2026-1335) in SOLIDWORKS eDrawings poses a serious risk, as it can be triggered simply by a user opening a booby-trapped design file. Prompt patching is essential. Until updates are applied, reinforce user awareness regarding suspicious file attachments and restrict user permissions to reduce potential damage.