CVE-2026-1284 is an out-of-bounds write vulnerability classified under CWE-787 affecting the EPRT file reading functionality in Dassault Systèmes SOLIDWORKS eDrawings, specifically in releases 2025 SP0 and 2026 SP0. The vulnerability arises when the software processes a specially crafted EPRT file, which is a file format used by SOLIDWORKS eDrawings to represent 3D part data. An out-of-bounds write occurs when the program writes data outside the boundaries of allocated memory, potentially overwriting adjacent memory regions. This can corrupt memory and allow an attacker to execute arbitrary code within the context of the affected application. Exploitation requires a user to open a malicious EPRT file, which means user interaction is necessary. The CVSS v3.1 base score is 7.8, reflecting a high severity due to the potential for complete compromise of confidentiality, integrity, and availability of the system running the vulnerable software. The attack vector is local (AV:L), meaning the attacker must have local access or trick a user into opening the file. No privileges are required (PR:N), but user interaction (UI:R) is necessary. The vulnerability scope is unchanged (S:U), indicating the impact is limited to the vulnerable component. Currently, no public exploits or proof-of-concept code are known, but the vulnerability is publicly disclosed and should be addressed promptly. SOLIDWORKS eDrawings is widely used in engineering and manufacturing industries for viewing and sharing CAD data, making this vulnerability particularly relevant to organizations in these sectors.

For European organizations, the impact of CVE-2026-1284 can be significant, especially those in manufacturing, automotive, aerospace, and engineering sectors that rely heavily on SOLIDWORKS eDrawings for CAD visualization and collaboration. Exploitation could lead to arbitrary code execution, allowing attackers to gain unauthorized access, steal intellectual property, manipulate design files, or disrupt operations. This could result in loss of sensitive design data, intellectual property theft, operational downtime, and reputational damage. The requirement for user interaction means phishing or social engineering could be used to deliver malicious EPRT files, increasing risk in environments where file sharing is common. The vulnerability affects confidentiality, integrity, and availability, making it a comprehensive threat to affected systems. Given the critical role of CAD data in product development, exploitation could have downstream effects on supply chains and product safety. The absence of known exploits currently provides a window for mitigation before active attacks emerge.

1. Restrict the sources of EPRT files by implementing strict file transfer policies and only accepting files from trusted, verified sources. 2. Educate users about the risks of opening unsolicited or unexpected EPRT files, emphasizing caution with email attachments and downloads. 3. Employ application whitelisting to control which applications and file types can be executed or opened on workstations. 4. Monitor network and endpoint logs for unusual activity related to SOLIDWORKS eDrawings or unexpected file openings. 5. Isolate CAD workstations from general-purpose networks where possible to limit exposure. 6. Apply principle of least privilege to user accounts running SOLIDWORKS eDrawings to minimize potential damage from exploitation. 7. Regularly check for and apply security patches or updates from Dassault Systèmes as they become available. 8. Consider sandboxing or opening EPRT files in a controlled environment to detect malicious behavior before allowing access on production systems.