CVE-2026-3476 is a code injection vulnerability classified under CWE-94 affecting Dassault Systèmes SOLIDWORKS Desktop software, specifically versions Release 2025 SP0 and Release 2026 SP0. The vulnerability arises from improper control over code generation when processing files, allowing an attacker to embed malicious code within a specially crafted SOLIDWORKS file. When a user opens such a file, the malicious code executes with the user's privileges, potentially leading to full system compromise. The CVSS v3.1 base score is 7.8, indicating high severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). No patches or known exploits are currently available, but the vulnerability poses a significant risk due to the widespread use of SOLIDWORKS in engineering and design environments. The flaw underscores the risk of opening files from untrusted sources and the need for robust input validation and sandboxing in CAD software.

The vulnerability allows arbitrary code execution with the privileges of the user opening the malicious file, potentially leading to full system compromise. This can result in unauthorized access to sensitive design data, intellectual property theft, disruption of engineering workflows, and potential lateral movement within corporate networks. Given SOLIDWORKS' critical role in product design and manufacturing, exploitation could cause significant operational and financial damage. The requirement for local access and user interaction limits remote exploitation but does not eliminate risk, especially in environments where files are shared via email or removable media. The high impact on confidentiality, integrity, and availability means affected organizations could face data breaches, loss of data integrity, and denial of service conditions.

Organizations should implement strict file handling policies, including restricting the opening of SOLIDWORKS files from untrusted or unknown sources. Employ endpoint security solutions capable of detecting anomalous behavior during file processing. Use application whitelisting and least privilege principles to limit the impact of potential code execution. Enable network segmentation to contain any compromise. Monitor user activities and audit logs for suspicious file openings or process executions. Prepare to deploy vendor patches immediately upon release. Additionally, educate users about the risks of opening unsolicited or unexpected files and encourage verification of file origins. Consider sandboxing SOLIDWORKS or running it in isolated environments when handling files from external sources to reduce risk.