CVE-2026-1284 Overview
CVE-2026-1284 is an Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings. This memory corruption flaw allows attackers to execute arbitrary code when a user opens a specially crafted EPRT file, potentially leading to complete system compromise.
Critical Impact
Successful exploitation enables arbitrary code execution with the privileges of the current user, potentially allowing attackers to install malware, steal sensitive CAD data, or pivot to other systems on the network.
Affected Products
- SOLIDWORKS eDrawings Release SOLIDWORKS 2025
- SOLIDWORKS eDrawings Release SOLIDWORKS 2026
- All intermediate versions between SOLIDWORKS 2025 and SOLIDWORKS 2026
Discovery Timeline
- 2026-01-26 - CVE-2026-1284 published to NVD
- 2026-01-26 - Last updated in NVD database
Technical Details for CVE-2026-1284
Vulnerability Analysis
This vulnerability is classified as CWE-787 (Out-of-Bounds Write), a memory corruption issue that occurs when a program writes data past the boundaries of allocated memory buffers. In the context of SOLIDWORKS eDrawings, the EPRT file parsing routine fails to properly validate input boundaries when processing file contents.
When eDrawings processes a malformed EPRT file, insufficient bounds checking allows an attacker to write data beyond the allocated buffer space. This can corrupt adjacent memory regions, overwrite critical data structures, or hijack program control flow. The vulnerability requires local access and user interaction to exploit—specifically, a victim must open a malicious EPRT file.
Root Cause
The root cause lies in improper validation of size parameters and data lengths during the EPRT file reading procedure. When parsing certain fields within EPRT files, the application allocates a fixed-size buffer but does not adequately verify that incoming data fits within those bounds before writing. This allows attacker-controlled data from the malicious file to overflow the buffer and corrupt memory.
Attack Vector
The attack requires social engineering to deliver the malicious EPRT file to a victim. Common delivery methods include:
- Email attachments disguised as legitimate CAD files
- Compromised file-sharing platforms or cloud storage
- Supply chain attacks targeting engineering workflows
- Malicious files embedded in project archives
Once the victim opens the crafted EPRT file in SOLIDWORKS eDrawings, the out-of-bounds write occurs during parsing. Attackers can leverage this to overwrite function pointers or return addresses, redirecting execution to shellcode embedded within the malicious file. This results in arbitrary code execution under the context of the user running eDrawings.
The vulnerability manifests during the EPRT file parsing routine when handling specially crafted input data. The application fails to validate buffer boundaries before write operations, allowing controlled memory corruption. For detailed technical information, refer to the 3DS Security Advisory.
Detection Methods for CVE-2026-1284
Indicators of Compromise
- Unexpected crashes or abnormal termination of eDrawings.exe or related processes
- Presence of suspicious or unexpected EPRT files in user download directories or email attachments
- Anomalous child processes spawned by the SOLIDWORKS eDrawings application
- Memory access violations logged in Windows Event Viewer associated with eDrawings
Detection Strategies
- Deploy endpoint detection rules to monitor for anomalous behavior from eDrawings.exe, including unusual process spawning or network connections
- Implement file integrity monitoring to detect modified or suspicious EPRT files entering the environment
- Configure application whitelisting to prevent unauthorized executables from being spawned by eDrawings
- Verify that memory protection features such as DEP and ASLR are enabled on systems running eDrawings
Monitoring Recommendations
- Monitor process creation events where eDrawings is the parent process for suspicious child processes
- Establish baseline behavior for eDrawings and alert on deviations such as network activity or registry modifications
- Track file system events for EPRT file creation or modification in common delivery paths (Downloads, Temp, email attachment directories)
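The first and third monitoring recommendations can be expressed as triage logic over exported endpoint events. The Python below is an added example, not code from the vendor or the advisory. It assumes events exported as JSON lines with Sysmon field names (Event ID 1 for process creation, Event ID 11 for file creation); the install path, the baseline child list, the delivery directory names and the sample events are constructed assumptions.

```python
import json
from pathlib import PureWindowsPath

PARENT = "edrawings.exe"                # process name given on this page
BASELINE_CHILDREN = {"edrawings.exe"}   # assumption: replace with your own baseline
DELIVERY_DIRS = {"downloads", "temp", "content.outlook"}  # assumption: common drop paths

# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ParentImage": "C:\\Apps\\eDrawings\\eDrawings.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir"}
{"EventID": 1, "ParentImage": "C:\\Apps\\eDrawings\\eDrawings.exe", "Image": "C:\\Apps\\eDrawings\\eDrawings.exe", "CommandLine": "eDrawings.exe part.eprt"}
{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"EventID": 11, "Image": "C:\\Apps\\Mail\\mail.exe", "TargetFilename": "C:\\Users\\a\\Downloads\\bracket.EPRT"}
{"EventID": 11, "Image": "C:\\Apps\\CAD\\cad.exe", "TargetFilename": "D:\\Projects\\vault\\bracket.eprt"}
"""


def basename(path):
    """Lower-cased file name of a Windows path (empty string for empty input)."""
    return PureWindowsPath(path).name.lower()


def triage(lines):
    """Return (rule, detail) tuples for events matching the two monitoring rules."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") == 1 and basename(ev.get("ParentImage", "")) == PARENT:
            # Rule 1: eDrawings is the parent and the child is outside the baseline.
            child = basename(ev.get("Image", ""))
            if child not in BASELINE_CHILDREN:
                alerts.append(("unexpected-child", f"{child}: {ev.get('CommandLine', '')}"))
        elif ev.get("EventID") == 11:
            # Rule 2: an .eprt file (any case) created under a delivery directory.
            target = PureWindowsPath(ev.get("TargetFilename", ""))
            dirs = {part.lower() for part in target.parts[:-1]}
            if target.suffix.lower() == ".eprt" and dirs & DELIVERY_DIRS:
                alerts.append(("eprt-in-delivery-path", str(target)))
    return alerts


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS.splitlines()):
        print(rule, detail)
```

An EPRT file written to a project vault path is not flagged, which keeps routine engineering saves out of the alert queue; widen `DELIVERY_DIRS` only for paths that receive external files.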
How to Mitigate CVE-2026-1284
Immediate Actions Required
- Restrict opening EPRT files from untrusted sources until patches are applied
- Implement email filtering to quarantine EPRT file attachments from external senders
- Educate users about the risks of opening unsolicited CAD files
- Deploy network segmentation to limit impact if exploitation occurs on engineering workstations
Patch Information
Dassault Systèmes has published information regarding this vulnerability. Administrators should review the official security advisory and apply available patches or updates as soon as possible. Refer to the 3DS Security Advisory for CVE-2026-1284 for specific patch details and update instructions.
Workarounds
- Disable or restrict the ability to open EPRT files if this functionality is not critical to business operations
- Implement application sandboxing using virtualization or container technology to isolate eDrawings execution
- Use file inspection tools to scan EPRT files before allowing users to open them
- Consider temporarily removing eDrawings from non-essential workstations until patches are deployed
# Example: Block EPRT file extensions at email gateway (Exchange Transport Rule)
# Create a transport rule to quarantine messages with .eprt attachments
# PowerShell example for Exchange Online:
New-TransportRule -Name "Block EPRT Attachments" `
    -AttachmentExtensionMatchesWords "eprt" `
    -Quarantine $true `
    -Comments "Mitigation for CVE-2026-1284"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

