CVE-2026-1335 is an out-of-bounds write vulnerability classified under CWE-787 found in Dassault Systèmes SOLIDWORKS eDrawings, specifically affecting the EPRT file reading functionality in versions from Release SOLIDWORKS Desktop 2025 SP0 through 2026 SP0. The vulnerability arises when the software processes specially crafted EPRT files, which can cause memory corruption by writing data outside the intended buffer boundaries. This memory corruption can be leveraged by an attacker to execute arbitrary code within the context of the affected application. The attack vector requires the victim to open a maliciously crafted EPRT file, making user interaction necessary, but no prior authentication or elevated privileges are required to trigger the exploit. The vulnerability impacts confidentiality, integrity, and availability, as arbitrary code execution could lead to data theft, system compromise, or denial of service. The CVSS v3.1 score of 7.8 reflects a high severity due to the ease of exploitation (local access with user interaction), low attack complexity, and significant impact. Although no public exploits are known at this time, the vulnerability poses a serious risk to organizations relying on SOLIDWORKS eDrawings for CAD file visualization and collaboration. No official patches have been released yet, so users must rely on interim mitigations and monitoring.

The potential impact of CVE-2026-1335 is substantial for organizations using SOLIDWORKS eDrawings in their engineering, design, and manufacturing workflows. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to unauthorized access to sensitive design data, intellectual property theft, or disruption of critical design processes. This could result in financial losses, reputational damage, and operational downtime. Since SOLIDWORKS eDrawings is widely used for viewing and sharing CAD files, attackers could target supply chains or collaborative partners by distributing malicious EPRT files. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange CAD files. The vulnerability also poses a risk of malware installation or lateral movement within corporate networks if exploited. Organizations in sectors such as aerospace, automotive, industrial manufacturing, and defense, which heavily rely on SOLIDWORKS, face increased exposure.

To mitigate CVE-2026-1335, organizations should implement the following specific measures: 1) Restrict the opening of EPRT files to trusted sources only and educate users about the risks of opening files from unknown or untrusted origins. 2) Employ application whitelisting and sandboxing techniques to isolate SOLIDWORKS eDrawings processes, limiting the impact of potential exploitation. 3) Monitor and control file exchange channels, such as email and shared drives, to detect and block suspicious EPRT files using advanced file scanning and behavioral analysis tools. 4) Implement strict network segmentation to reduce the risk of lateral movement if an exploit occurs. 5) Maintain up-to-date backups of critical design data to enable recovery in case of compromise. 6) Regularly review and apply security advisories from Dassault Systèmes and prepare for prompt patch deployment once available. 7) Consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous behavior related to memory corruption or code execution attempts within SOLIDWORKS eDrawings.