CVE-2026-1334 Overview
An Out-Of-Bounds Read vulnerability has been identified in SOLIDWORKS eDrawings affecting the EPRT file reading procedure. This vulnerability exists in SOLIDWORKS Desktop versions from Release 2025 through Release 2026 and could allow an attacker to execute arbitrary code when a user opens a specially crafted EPRT file. The vulnerability requires local access and user interaction, making it a targeted attack vector that could be leveraged in phishing campaigns or watering hole attacks targeting engineering professionals.
Critical Impact
Successful exploitation allows arbitrary code execution with the privileges of the user opening the malicious EPRT file, potentially leading to complete system compromise in engineering environments.
Affected Products
- SOLIDWORKS Desktop 2025
- SOLIDWORKS Desktop 2026
- SOLIDWORKS eDrawings (EPRT file handling component)
Discovery Timeline
- 2026-02-16 - CVE-2026-1334 published to NVD
- 2026-02-18 - Last updated in NVD database
Technical Details for CVE-2026-1334
Vulnerability Analysis
This vulnerability is classified as CWE-125 (Out-of-Bounds Read), which occurs when the software reads data past the end or before the beginning of the intended buffer. In the context of SOLIDWORKS eDrawings, the vulnerability manifests during the parsing of EPRT files, which are proprietary part file formats used by the eDrawings visualization application.
When processing a maliciously crafted EPRT file, the application fails to properly validate buffer boundaries during the file reading procedure. This allows an attacker to craft a file that causes the application to read memory beyond the allocated buffer, which can lead to information disclosure or, in more severe cases, arbitrary code execution.
Root Cause
The root cause lies in improper input validation within the EPRT file parsing routines. The application does not adequately verify the size and offset values specified within the EPRT file structure before using them to access memory buffers. This allows specially crafted files to specify values that cause the application to read beyond the boundaries of allocated memory regions.
Attack Vector
The attack requires local access with user interaction. An attacker would need to deliver a malicious EPRT file to a target user through methods such as:
- Email attachments containing the crafted EPRT file
- Compromised file-sharing platforms or engineering collaboration tools
- Social engineering to convince users to download files from attacker-controlled websites
When the victim opens the malicious EPRT file using SOLIDWORKS eDrawings, the out-of-bounds read condition is triggered. Depending on the memory layout at the time of exploitation, this can lead to information disclosure or arbitrary code execution with the privileges of the current user.
The vulnerability does not require elevated privileges and exploits the trust users place in engineering file formats. Technical details and exploitation specifics can be found in the 3DS Security Advisory.
Detection Methods for CVE-2026-1334
Indicators of Compromise
- Anomalous EPRT files with unusual file sizes or malformed header structures
- Unexpected crashes of SOLIDWORKS eDrawings applications, particularly when opening files from external sources
- Memory access violations logged in Windows Event Viewer related to eDrawings processes
- Suspicious EPRT file attachments received via email from unknown senders
Detection Strategies
- Implement endpoint detection rules to monitor for abnormal process behavior in SOLIDWORKS eDrawings executable processes
- Deploy application whitelisting to prevent unauthorized code execution from engineering application contexts
- Configure email security gateways to quarantine or scan EPRT file attachments from external sources
- Monitor for process creation events originating from eDrawings that spawn unexpected child processes
Monitoring Recommendations
- Enable detailed logging for file access events involving .eprt file extensions
- Configure application crash monitoring to alert on repeated eDrawings failures
- Implement network monitoring for unusual outbound connections following EPRT file opens
- Deploy SentinelOne Singularity endpoint protection to detect and prevent exploitation attempts in real-time
How to Mitigate CVE-2026-1334
Immediate Actions Required
- Educate users about the risks of opening EPRT files from untrusted sources
- Implement email filtering policies to quarantine EPRT attachments for security review
- Consider temporarily restricting EPRT file associations until patches are applied
- Deploy endpoint protection solutions with behavioral analysis capabilities to detect exploitation attempts
Patch Information
Dassault Systèmes has released information regarding this vulnerability. Organizations should consult the 3DS Security Advisory for the latest patch information and update instructions. Apply available security updates to SOLIDWORKS Desktop 2025 and 2026 installations as soon as they become available.
Workarounds
- Configure file association policies to prevent automatic opening of EPRT files
- Implement application sandboxing for SOLIDWORKS eDrawings to limit the impact of potential exploitation
- Use virtual machines or isolated environments when reviewing EPRT files from external sources
- Enable Windows Defender Exploit Guard or similar memory protection features to harden against out-of-bounds read exploitation
# Windows: Configure file type blocking via Group Policy (example registry approach)
# Block EPRT file associations temporarily until patched
reg add "HKEY_CLASSES_ROOT\.eprt" /v "NoOpen" /t REG_SZ /d "This file type has been blocked for security reasons" /f
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
