Primary

Context

Autodesk 3ds Max Untrusted Search Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A vulnerability exists in Autodesk 3ds Max 2026, where a maliciously crafted project directory can lead to the execution of arbitrary code. This issue arises from an untrusted search path being used when opening .max files, allowing the code to run in the context of the current process.

Impact

Exploitation of this vulnerability could result in arbitrary code execution within the current process.

Remediation

Users are advised to update to Autodesk 3ds Max 2026.3.2, available through Autodesk Access or the Accounts Portal.

Added: Feb 4, 2026, 6:37 PM

Updated: Feb 4, 2026, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

4.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

4.2

remediation

7.7

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Autodesk 3ds Max Untrusted Search Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Autodesk 3ds Max

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating