Autodesk Products Out-of-Bounds Write Vulnerability Allowing Memory Corruption and Arbitrary Code Execution

Vulnerability

An out-of-bounds write vulnerability has been identified in multiple Autodesk products, including AutoCAD 2026 and its specialized toolsets, as well as Autodesk Advance Steel, 3ds Max, Civil 3D, InfraWorks, Inventor, Revit, Revit LT, and Vault. This vulnerability arises when certain versions of PRT files are parsed, allowing a malicious actor to cause a crash, corrupt data, or execute arbitrary code within the current process.

Impact

Exploitation of this vulnerability leads to memory corruption, allowing for a heap-based overflow. This could result in a crash, data corruption, or arbitrary code execution in the context of the current process.

Remediation

Users are advised to update to Autodesk Shared Components version 2026.3, available through Autodesk Access or the Accounts Portal. There is no need to update, uninstall, or reinstall individual products, because the shared component update can be applied independently.

Added: Jul 29, 2025, 6:19 PM
Updated: Jul 29, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.