CVE-2026-3476 Code Injection vulnerability affecting in SOLIDWORKS Desktop from Release 2025 through Release 2026
Details
CVSS v3
7.8
Affected versions
SOLIDWORKS Desktop releases 2025 through 2026
Summary
This flaw allows attackers to execute arbitrary code on a victim's machine when the victim opens a specially crafted SOLIDWORKS file. Successful exploitation can grant attackers full control over the affected workstation. The vulnerability impacts all supported releases of SOLIDWORKS Desktop between 2025 and 2026.
Remediation
Install the latest official security update from Dassault Systèmes for your installed version of SOLIDWORKS Desktop. Advise users to avoid opening SOLIDWORKS files received from unknown or untrusted senders. Enable endpoint scanning to detect maliciously crafted SOLIDWORKS files.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.