CVE-2026-3476: CWE-94 Improper Control of Generation of Code ('Code Injection') in Dassault Systèmes SOLIDWORKS Desktop
CVE-2026-3476 is a high-severity code injection vulnerability in Dassault Systèmes SOLIDWORKS Desktop versions Release 2025 SP0 and Release 2026 SP0. This flaw allows an attacker to execute arbitrary code on a victim's machine by tricking the user into opening a specially crafted file. Exploitation requires local access and user interaction but no prior privileges. The vulnerability impacts confidentiality, integrity, and availability, enabling full system compromise. No known exploits are currently reported in the wild, but the risk remains significant due to the potential damage. Organizations using affected SOLIDWORKS versions should prioritize patching once available and implement strict file handling policies. The threat is especially relevant to countries with strong manufacturing and engineering sectors relying on SOLIDWORKS. Mitigation includes restricting file sources, employing application whitelisting, and monitoring for suspicious activity. Given the CVSS 7. 8 score, this vulnerability demands urgent attention to prevent exploitation.
AI Analysis
Technical Summary
CVE-2026-3476 is a code injection vulnerability classified under CWE-94, affecting Dassault Systèmes SOLIDWORKS Desktop versions Release 2025 SP0 and Release 2026 SP0. The vulnerability arises from improper control over code generation when opening files, allowing an attacker to embed malicious code within a specially crafted SOLIDWORKS file. When a user opens such a file, the malicious code executes with the user's privileges, potentially leading to full system compromise. The CVSS 3.1 base score of 7.8 reflects a high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits are known yet, the vulnerability poses a significant risk due to the widespread use of SOLIDWORKS in engineering and manufacturing industries. The flaw highlights the risks of processing untrusted files in complex desktop applications without sufficient input validation or sandboxing. Dassault Systèmes has not yet published patches, so users must rely on mitigations until updates are available.
Potential Impact
The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to complete compromise of the user's machine. This can result in theft of intellectual property, insertion of backdoors, disruption of engineering workflows, and loss of data integrity. Since SOLIDWORKS is widely used in product design and manufacturing, exploitation could have downstream effects on supply chains and critical infrastructure. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange design files. The high impact on confidentiality, integrity, and availability means organizations could face severe operational and reputational damage if exploited. Additionally, the lack of current patches increases exposure time, emphasizing the need for proactive defense.
Mitigation Recommendations
1. Restrict SOLIDWORKS file sources to trusted and verified origins to reduce the risk of opening malicious files. 2. Implement application whitelisting and endpoint protection solutions that can detect and block suspicious code execution patterns related to SOLIDWORKS processes. 3. Educate users on the risks of opening unsolicited or unexpected SOLIDWORKS files, emphasizing verification before opening. 4. Use network segmentation to isolate engineering workstations from less secure network zones to limit lateral movement if compromise occurs. 5. Monitor system and application logs for unusual behavior indicative of code injection attempts. 6. Employ sandboxing or virtualized environments for opening untrusted SOLIDWORKS files when possible. 7. Stay alert for official patches or updates from Dassault Systèmes and apply them promptly once released. 8. Consider deploying file integrity monitoring on critical engineering workstations to detect unauthorized changes.
Affected Countries
United States, Germany, Japan, South Korea, France, United Kingdom, China, Canada, Italy, Netherlands
CVE-2026-3476: CWE-94 Improper Control of Generation of Code ('Code Injection') in Dassault Systèmes SOLIDWORKS Desktop
Description
CVE-2026-3476 is a high-severity code injection vulnerability in Dassault Systèmes SOLIDWORKS Desktop versions Release 2025 SP0 and Release 2026 SP0. This flaw allows an attacker to execute arbitrary code on a victim's machine by tricking the user into opening a specially crafted file. Exploitation requires local access and user interaction but no prior privileges. The vulnerability impacts confidentiality, integrity, and availability, enabling full system compromise. No known exploits are currently reported in the wild, but the risk remains significant due to the potential damage. Organizations using affected SOLIDWORKS versions should prioritize patching once available and implement strict file handling policies. The threat is especially relevant to countries with strong manufacturing and engineering sectors relying on SOLIDWORKS. Mitigation includes restricting file sources, employing application whitelisting, and monitoring for suspicious activity. Given the CVSS 7. 8 score, this vulnerability demands urgent attention to prevent exploitation.
AI-Powered Analysis
Technical Analysis
CVE-2026-3476 is a code injection vulnerability classified under CWE-94, affecting Dassault Systèmes SOLIDWORKS Desktop versions Release 2025 SP0 and Release 2026 SP0. The vulnerability arises from improper control over code generation when opening files, allowing an attacker to embed malicious code within a specially crafted SOLIDWORKS file. When a user opens such a file, the malicious code executes with the user's privileges, potentially leading to full system compromise. The CVSS 3.1 base score of 7.8 reflects a high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits are known yet, the vulnerability poses a significant risk due to the widespread use of SOLIDWORKS in engineering and manufacturing industries. The flaw highlights the risks of processing untrusted files in complex desktop applications without sufficient input validation or sandboxing. Dassault Systèmes has not yet published patches, so users must rely on mitigations until updates are available.
Potential Impact
The vulnerability allows attackers to execute arbitrary code on affected systems, potentially leading to complete compromise of the user's machine. This can result in theft of intellectual property, insertion of backdoors, disruption of engineering workflows, and loss of data integrity. Since SOLIDWORKS is widely used in product design and manufacturing, exploitation could have downstream effects on supply chains and critical infrastructure. The requirement for user interaction limits remote exploitation but does not eliminate risk, especially in environments where users frequently exchange design files. The high impact on confidentiality, integrity, and availability means organizations could face severe operational and reputational damage if exploited. Additionally, the lack of current patches increases exposure time, emphasizing the need for proactive defense.
Mitigation Recommendations
1. Restrict SOLIDWORKS file sources to trusted and verified origins to reduce the risk of opening malicious files. 2. Implement application whitelisting and endpoint protection solutions that can detect and block suspicious code execution patterns related to SOLIDWORKS processes. 3. Educate users on the risks of opening unsolicited or unexpected SOLIDWORKS files, emphasizing verification before opening. 4. Use network segmentation to isolate engineering workstations from less secure network zones to limit lateral movement if compromise occurs. 5. Monitor system and application logs for unusual behavior indicative of code injection attempts. 6. Employ sandboxing or virtualized environments for opening untrusted SOLIDWORKS files when possible. 7. Stay alert for official patches or updates from Dassault Systèmes and apply them promptly once released. 8. Consider deploying file integrity monitoring on critical engineering workstations to detect unauthorized changes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- 3DS
- Date Reserved
- 2026-03-03T13:13:51.497Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69b7f2399d4df4518356864e
Added to database: 3/16/2026, 12:06:17 PM
Last enriched: 3/16/2026, 12:20:36 PM
Last updated: 3/16/2026, 1:09:48 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.