CVE-2026-1334 is an out-of-bounds read vulnerability classified under CWE-125 that affects the EPRT file parsing functionality in Dassault Systèmes SOLIDWORKS eDrawings software, specifically in releases SOLIDWORKS Desktop 2025 SP0 and 2026 SP0. The vulnerability arises when the software processes specially crafted EPRT files, leading to an out-of-bounds memory read condition. This memory corruption can be leveraged by an attacker to execute arbitrary code within the context of the user running the application. The attack vector requires the victim to open a malicious EPRT file, which implies user interaction is necessary. No privileges are required to exploit this vulnerability, but the attacker must have a means to deliver the crafted file to the target system. The CVSS v3.1 base score is 7.8, reflecting high severity due to the potential for full compromise of confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability poses a significant risk given the widespread use of SOLIDWORKS eDrawings in engineering and design workflows. The lack of available patches at the time of reporting necessitates proactive mitigation strategies. The vulnerability's impact is critical in environments where intellectual property and design data confidentiality are paramount. Attackers could use this flaw to execute code, potentially leading to data theft, sabotage, or lateral movement within corporate networks.

For European organizations, especially those in the manufacturing, automotive, aerospace, and industrial design sectors, this vulnerability could lead to severe consequences. Exploitation could result in unauthorized access to sensitive design files and intellectual property, undermining competitive advantage and potentially causing financial losses. The ability to execute arbitrary code could allow attackers to deploy malware, ransomware, or establish persistent footholds within corporate networks. Given the reliance on SOLIDWORKS eDrawings for product development, disruption or compromise could delay projects and damage reputations. The confidentiality breach risk is particularly critical in Europe due to stringent data protection regulations such as GDPR, which could lead to regulatory penalties if sensitive data is exposed. Additionally, the integrity and availability of design data are crucial for operational continuity, and any compromise could halt production lines or lead to defective products. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where file sharing is common. The absence of known exploits currently provides a window for mitigation but also underscores the need for vigilance.

1. Monitor Dassault Systèmes communications closely and apply official patches immediately upon release to remediate the vulnerability. 2. Until patches are available, restrict the opening of EPRT files from untrusted or unknown sources by implementing strict file handling policies. 3. Employ application whitelisting to limit execution of unauthorized files and scripts within engineering workstations. 4. Use sandboxing or isolated environments for opening EPRT files, minimizing potential impact from malicious files. 5. Educate users on the risks of opening unsolicited or unexpected files, emphasizing caution with EPRT files received via email or file sharing platforms. 6. Implement network segmentation to isolate critical design and engineering systems from general user networks, reducing lateral movement opportunities. 7. Utilize endpoint detection and response (EDR) solutions to monitor for suspicious behaviors indicative of exploitation attempts. 8. Conduct regular backups of design data and verify their integrity to ensure recovery capability in case of compromise. 9. Review and tighten access controls on systems running SOLIDWORKS eDrawings to limit exposure. 10. Consider disabling or limiting the use of eDrawings viewers where feasible until patches are applied.