CVE-2026-1335 Overview
CVE-2026-1335 is an Out-of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings. This memory corruption flaw could allow an attacker to execute arbitrary code when a user opens a specially crafted EPRT file. The vulnerability requires user interaction to exploit, making social engineering attacks such as malicious file attachments or downloads a likely attack vector.
Critical Impact
Successful exploitation enables arbitrary code execution with the privileges of the user running SOLIDWORKS eDrawings, potentially leading to complete system compromise.
Affected Products
- SOLIDWORKS Desktop 2025 (all versions with eDrawings)
- SOLIDWORKS Desktop 2026 (all versions with eDrawings)
- SOLIDWORKS eDrawings component across affected releases
Discovery Timeline
- February 16, 2026 - CVE-2026-1335 published to NVD
- February 18, 2026 - Last updated in NVD database
Technical Details for CVE-2026-1335
Vulnerability Analysis
This vulnerability is classified as CWE-787 (Out-of-Bounds Write), a memory corruption vulnerability that occurs when the application writes data past the boundaries of allocated memory buffers. In the context of SOLIDWORKS eDrawings, the flaw exists within the EPRT file parsing routine, where insufficient bounds checking allows malformed file data to trigger memory corruption.
Out-of-bounds write vulnerabilities are particularly dangerous because they can corrupt adjacent memory structures, overwrite function pointers, or modify critical program state. In this case, an attacker could craft a malicious EPRT file that, when parsed by eDrawings, writes attacker-controlled data beyond the intended buffer boundaries. This memory corruption can be leveraged to achieve arbitrary code execution.
The local attack vector combined with required user interaction indicates this is a client-side vulnerability that would typically be exploited through phishing campaigns or malicious file sharing. An attacker would need to convince a target user to open the weaponized EPRT file, at which point the exploit would execute with the user's privileges.
Root Cause
The root cause is improper validation of data length or offset values when processing EPRT file structures. The EPRT file reading procedure fails to adequately verify that data being written fits within the allocated buffer boundaries, allowing crafted file content to write beyond the intended memory region. This represents a classic boundary condition error in file parsing logic.
Attack Vector
The attack requires local access and user interaction. An attacker would need to:
- Craft a malicious EPRT file containing exploit payload data
- Deliver the file to the target through email attachments, file shares, or web downloads
- Entice the victim to open the file using SOLIDWORKS eDrawings
- Upon parsing, the malformed file triggers the out-of-bounds write condition
- Memory corruption leads to arbitrary code execution with user privileges
The vulnerability does not require special privileges to exploit, and the impact spans confidentiality, integrity, and availability due to the arbitrary code execution capability.
Detection Methods for CVE-2026-1335
Indicators of Compromise
- Unusual EPRT files with abnormal sizes or malformed headers in user directories or email attachments
- SOLIDWORKS eDrawings process (eDrawings.exe) exhibiting unexpected behavior such as crashes followed by unusual process spawning
- Memory access violation events in Windows Event Logs associated with eDrawings processes
- Unexpected network connections or file system modifications initiated by eDrawings processes
Detection Strategies
- Deploy endpoint detection rules to monitor for eDrawings process anomalies, including unexpected child processes or memory access violations
- Implement file inspection policies to scan EPRT files for known malicious patterns or structural anomalies
- Configure application allowlisting to prevent unauthorized code execution from the eDrawings process context
- Monitor for exploit behavior patterns such as shellcode execution or process injection following EPRT file opens
Monitoring Recommendations
- Enable process behavior monitoring for SOLIDWORKS eDrawings executables on all engineering workstations
- Configure centralized logging for application crashes and memory access violations related to CAD applications
- Deploy file integrity monitoring for sensitive directories frequently targeted by CAD-related malware
- Implement user activity monitoring to track EPRT file sources and access patterns
How to Mitigate CVE-2026-1335
Immediate Actions Required
- Apply vendor-provided security patches from Dassault Systèmes immediately upon availability
- Restrict EPRT file access from untrusted sources and implement quarantine policies for externally received CAD files
- Warn users about the risks of opening EPRT files from unknown or suspicious sources
- Consider temporarily disabling or restricting eDrawings functionality on high-value systems until patching is complete
Patch Information
Dassault Systèmes has published security advisory information for this vulnerability. Affected organizations should consult the 3DS Security Advisory for CVE-2026-1335 for official patch availability and installation guidance.
Organizations should prioritize patching SOLIDWORKS Desktop 2025 and 2026 installations, particularly on systems used by engineering teams who regularly handle external CAD files.
Workarounds
- Block or quarantine EPRT files at email gateways and web proxies until patches can be applied
- Implement network segmentation to limit potential lateral movement from compromised engineering workstations
- Configure application sandboxing for SOLIDWORKS eDrawings where supported
- Establish file source verification procedures requiring validation before opening external EPRT files
- Consider using alternative CAD viewing solutions for untrusted files until the patch is deployed
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
