CVE-2026-0875 is an out-of-bounds write vulnerability classified under CWE-787 found in Autodesk Shared Components, specifically triggered when parsing a specially crafted MODEL file. This vulnerability arises due to improper bounds checking during the processing of MODEL files, allowing a malicious actor to write data beyond the allocated memory buffer. The consequence of this memory corruption can range from application crashes and data corruption to arbitrary code execution within the context of the affected process. The vulnerability affects Autodesk Shared Components version 2026.5 and requires user interaction to exploit, such as opening or importing a malicious MODEL file. No privileges are required to trigger the vulnerability, increasing its risk profile. The CVSS 3.1 base score is 7.8, indicating a high severity with a vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, meaning it is exploitable over a local vector with low attack complexity, no privileges, but requires user interaction, and impacts confidentiality, integrity, and availability substantially. Currently, there are no known exploits in the wild, but the vulnerability's nature makes it a prime candidate for future exploitation, especially in environments where Autodesk products are widely used for design and engineering tasks.

The impact of CVE-2026-0875 is significant for organizations relying on Autodesk Shared Components, particularly those in industries such as architecture, engineering, construction, manufacturing, and media production. Successful exploitation can lead to arbitrary code execution, allowing attackers to execute malicious payloads, potentially leading to system compromise, data theft, or disruption of critical design workflows. Data corruption or application crashes can result in loss of intellectual property or delays in project timelines. Since the vulnerability requires user interaction, phishing or social engineering could be used to deliver malicious MODEL files. The broad impact on confidentiality, integrity, and availability makes this vulnerability a critical concern for organizations that handle sensitive design data or operate in highly regulated environments.

Organizations should immediately monitor Autodesk's official channels for patches addressing this vulnerability and apply them as soon as they become available. Until patches are released, implement strict controls on MODEL file sources, including disabling automatic opening or importing of MODEL files from untrusted or unknown origins. Employ sandboxing or application isolation techniques to limit the impact of potential exploitation. Enhance endpoint protection with behavior-based detection to identify anomalous activity related to Autodesk processes. Conduct user awareness training to reduce the risk of social engineering attacks delivering malicious MODEL files. Additionally, consider network segmentation to isolate systems running Autodesk software from critical infrastructure and sensitive data repositories. Regularly audit and update software inventories to ensure vulnerable versions are identified and remediated promptly.