Autodesk AutoCAD
Moderate fix1 remedy
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*
Moderate fix1 remedy
- 2026.2
Autodesk Products Out-of-Bounds Write Vulnerability in 3DM File Parsing
Vulnerability
Patched
An out-of-bounds write vulnerability has been identified in multiple Autodesk products, including AutoCAD 2026 and its specialized toolsets, as well as Advance Steel, 3ds Max, Civil 3D, InfraWorks, Inventor, Revit, Revit LT, and Vault 2026. This vulnerability arises when certain Autodesk products parse maliciously crafted 3DM files, potentially leading to memory corruption, data corruption, application crashes, or arbitrary code execution within the context of the current process.
Impact
Exploitation of this vulnerability can cause application crashes, data corruption, or allow for arbitrary code execution in the context of the current process.
Remediation
Users are advised to update to Autodesk Shared Components version 2026.3, available through Autodesk Access or the Accounts Portal. No need to update, uninstall, or reinstall individual Autodesk products, as the shared component update can be applied independently.
Added: Jul 29, 2025, 6:18 PM
Updated: Jul 29, 2025, 6:18 PM
Vulnerability Rating
Custom Algorithm
spread
6.6impact
10.0exploitability
4.4remediation
7.7relevance
0.3threat
0.0urgency
2.9incentive
0.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.