CVE-2026-1333 is a vulnerability classified under CWE-457 (Use of Uninitialized Variable) found in Dassault Systèmes SOLIDWORKS eDrawings software, specifically in the EPRT file reading procedure. This flaw exists in the 2025 SP0 and 2026 SP0 releases of SOLIDWORKS Desktop. The vulnerability occurs because the software uses a variable that is not properly initialized before use during the parsing of EPRT files, which are a proprietary file format used by SOLIDWORKS for 3D model data exchange. Exploiting this vulnerability involves an attacker crafting a specially designed EPRT file that triggers the uninitialized variable usage, potentially leading to memory corruption. This memory corruption can be leveraged to execute arbitrary code with the privileges of the user opening the file. The attack vector is local (AV:L), requires low attack complexity (AC:L), no privileges (PR:N), but does require user interaction (UI:R) to open the malicious file. The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No patches or fixes are currently linked, and no exploits are known to be active in the wild as of the publication date. This vulnerability poses a significant risk to users who handle untrusted EPRT files, especially in environments where SOLIDWORKS eDrawings is used for collaboration or file sharing.

The vulnerability allows arbitrary code execution in the context of the user opening a malicious EPRT file, which can lead to full compromise of the affected system. This includes potential data theft, unauthorized modification of design files, disruption of engineering workflows, and installation of persistent malware. Given SOLIDWORKS eDrawings is widely used in engineering, manufacturing, and design sectors, exploitation could disrupt critical industrial operations and intellectual property security. The requirement for user interaction and local access limits remote exploitation but does not eliminate risk, especially in environments where files are shared via email or network drives. The high impact on confidentiality, integrity, and availability makes this a critical concern for organizations relying on SOLIDWORKS for product development and collaboration.

Organizations should implement strict controls on the handling and opening of EPRT files, especially those received from untrusted or external sources. Until a patch is released, users should avoid opening EPRT files from unknown origins and consider sandboxing or using isolated environments for viewing such files. Employ endpoint security solutions capable of detecting anomalous behavior related to file parsing and code execution. Network segmentation can limit the spread of any compromise resulting from exploitation. Regular backups of critical design data should be maintained to enable recovery from potential attacks. Dassault Systèmes users should monitor official channels for security updates and apply patches promptly once available. Additionally, user training to recognize suspicious files and phishing attempts can reduce the risk of exploitation via social engineering.