CVE-2026-0874 is an out-of-bounds write vulnerability classified under CWE-787, found in Autodesk Shared Components version 2026.5. The vulnerability is triggered when the software parses a maliciously crafted CATPART file, a common file format used in Autodesk CAD products for 3D part modeling. The out-of-bounds write can lead to memory corruption, which attackers may exploit to crash the application, corrupt data, or execute arbitrary code with the privileges of the current user process. The vulnerability requires user interaction, specifically opening or processing the malicious CATPART file, but does not require prior authentication, increasing its risk profile. The CVSS 3.1 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no public exploits are known at this time, the vulnerability's nature and affected product's widespread use in critical design and manufacturing workflows make it a significant threat. Autodesk Shared Components are integral to many Autodesk products, so the vulnerability potentially affects multiple software suites that rely on these shared libraries. The lack of an available patch at the time of disclosure necessitates immediate risk mitigation through operational controls and monitoring.

The vulnerability can have severe consequences for organizations relying on Autodesk products for design and manufacturing. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to unauthorized access, data theft, or sabotage of design files. This could disrupt engineering workflows, cause loss or corruption of intellectual property, and impact product development timelines. In critical infrastructure or manufacturing environments, such disruptions could have cascading effects on supply chains and operational continuity. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange CAD files. The high CVSS score indicates that the vulnerability affects confidentiality, integrity, and availability, making it a critical concern for organizations handling sensitive design data or operating in competitive industries.

Organizations should implement strict controls on the handling and opening of CATPART files, especially those received from untrusted or external sources. Employ sandboxing or isolated environments for opening such files to contain potential exploitation. Monitor application behavior for crashes or anomalies indicative of exploitation attempts. Maintain up-to-date backups of critical design files to mitigate data corruption risks. Autodesk should be engaged to obtain patches or updates as soon as they become available; until then, consider disabling or restricting features that process CATPART files if feasible. Network-level controls such as email filtering and endpoint security solutions can help prevent delivery of malicious files. User awareness training is essential to reduce the risk of inadvertent execution of malicious files. Finally, implement application whitelisting and endpoint detection and response (EDR) tools to detect and block suspicious activities related to this vulnerability.