Autodesk AutoCAD
Moderate fix1 remedy
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*
Moderate fix1 remedy
- 2026.2
Autodesk Products Memory Corruption Vulnerability Allowing Arbitrary Code Execution
Vulnerability
Patched
A memory corruption vulnerability has been identified in several Autodesk products, including AutoCAD 2026 and its specialized toolsets, as well as Autodesk Advance Steel, 3ds Max, Civil 3D, InfraWorks, Inventor, Revit, Revit LT, and Vault. This vulnerability arises when certain Autodesk products parse a maliciously crafted X_T file, leading to memory corruption. A malicious actor could exploit this vulnerability to execute arbitrary code within the context of the current process.
Impact
Exploitation of this vulnerability can lead to memory corruption, heap-based overflow, out-of-bounds write, out-of-bounds read, use-after-free, and arbitrary code execution in the context of the current process.
Remediation
Users are advised to install the latest available version of Autodesk Shared Components via Autodesk Access or the Accounts Portal. These shared component updates can be installed independently of the host products. As a best practice, users should only open files from trusted sources.
Added: Jul 29, 2025, 6:34 PM
Updated: Jul 29, 2025, 6:34 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
7.5exploitability
4.4remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.