CVE-2026-1283 is a heap-based buffer overflow vulnerability classified under CWE-122, affecting the EPRT file reading component of Dassault Systèmes SOLIDWORKS eDrawings software in versions 2025 SP0 and 2026 SP0. The vulnerability arises when the application processes specially crafted EPRT files, which are used for representing 3D part data. Due to improper bounds checking during the parsing of these files, an attacker can overflow a heap buffer, corrupting memory and potentially overwriting control data structures. This memory corruption can lead to arbitrary code execution within the context of the user running the software. The CVSS v3.1 score of 7.8 reflects a high severity, with an attack vector requiring local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), but user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the widespread use of SOLIDWORKS eDrawings in engineering and manufacturing workflows. The lack of available patches at the time of disclosure necessitates immediate risk mitigation through operational controls and monitoring.

For European organizations, especially those in manufacturing, automotive, aerospace, and engineering sectors where SOLIDWORKS eDrawings is widely used, this vulnerability could lead to severe consequences. Successful exploitation allows attackers to execute arbitrary code, potentially leading to theft of intellectual property, sabotage of design files, or disruption of production processes. The compromise of design data confidentiality and integrity could have cascading effects on supply chains and product safety. Given the local access and user interaction requirements, the threat is more likely to arise from targeted phishing campaigns or insider threats delivering malicious EPRT files. The high impact on availability could disrupt critical engineering workflows, causing operational downtime and financial losses. The absence of known exploits provides a window for proactive defense, but organizations must act swiftly to prevent exploitation.

1. Implement strict file handling policies that restrict opening EPRT files from untrusted or unknown sources. 2. Educate users on the risks of opening unsolicited or suspicious EPRT files, emphasizing the need for caution and verification. 3. Employ endpoint protection solutions capable of detecting anomalous behavior or memory corruption attempts related to SOLIDWORKS eDrawings. 4. Use application whitelisting and sandboxing techniques to limit the impact of potential exploitation. 5. Monitor network and endpoint logs for unusual activity associated with SOLIDWORKS eDrawings processes. 6. Coordinate with Dassault Systèmes for timely patch deployment once available and test patches in controlled environments before widespread rollout. 7. Consider isolating engineering workstations from general networks to reduce exposure. 8. Maintain regular backups of design files and system states to enable recovery in case of compromise.