CVE-2026-1333 is a vulnerability classified under CWE-457 (Use of Uninitialized Variable) found in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the EPRT file reading procedure in versions from SOLIDWORKS Desktop 2025 SP0 through 2026 SP0. The flaw arises because the software uses variables that have not been properly initialized during the parsing of EPRT files, which are proprietary CAD file formats used for 3D model data exchange. This improper handling can lead to undefined behavior, including memory corruption. An attacker can craft a malicious EPRT file that, when opened by a user in the vulnerable eDrawings application, triggers this vulnerability to execute arbitrary code. The attack vector requires local access to the victim’s machine and user interaction to open the malicious file, but no prior authentication or elevated privileges are needed. The vulnerability affects confidentiality, integrity, and availability by potentially allowing full control over the affected system. The CVSS v3.1 score is 7.8, indicating a high severity level, with the vector string AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H reflecting local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed promptly.

For European organizations, particularly those in engineering, manufacturing, and design sectors that rely heavily on SOLIDWORKS eDrawings for CAD file visualization and collaboration, this vulnerability poses a significant risk. Exploitation could lead to unauthorized code execution, resulting in data theft, intellectual property compromise, or disruption of critical design workflows. Given the high confidentiality and integrity impact, sensitive design files and proprietary information could be exposed or altered. Availability could also be affected if attackers deploy malware or ransomware post-exploitation. The requirement for user interaction means phishing or social engineering could be used to deliver malicious EPRT files via email or shared drives. The lack of known exploits in the wild currently reduces immediate risk, but the vulnerability’s public disclosure increases the likelihood of future exploitation attempts. Organizations with remote or hybrid work environments may face increased exposure due to file sharing practices.

1. Apply patches or updates from Dassault Systèmes as soon as they become available for SOLIDWORKS Desktop 2025 SP0 and 2026 SP0 versions. 2. Implement strict email and file sharing policies to block or quarantine unsolicited EPRT files from untrusted sources. 3. Educate users on the risks of opening files from unknown or untrusted origins, emphasizing the importance of verifying file sources. 4. Use endpoint protection solutions capable of detecting anomalous behavior related to CAD file processing or suspicious code execution. 5. Employ application whitelisting to restrict execution of unauthorized code and sandboxing to isolate file viewing processes. 6. Monitor network and endpoint logs for unusual activity following file openings, including unexpected process launches or memory access patterns. 7. Limit local user privileges to reduce the impact of potential code execution. 8. Consider disabling automatic preview or opening of EPRT files in email clients or file explorers where feasible.