Primary

Context

Autodesk 3ds Max NULL Pointer Dereference Vulnerability Allowing Denial-of-Service

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in Autodesk 3ds Max versions 2026 and 2027. This vulnerability can be triggered by a maliciously crafted PAR file, which, when parsed by the application, causes the software to crash. This exploitation leads to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition.

Remediation

Users are advised to update to Autodesk 3ds Max versions 2026.1 or 2027.1, available through the Autodesk Access application or the Accounts Portal.

Added: May 26, 2026, 10:30 PM

Updated: May 26, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.6

exploitability

4.2

remediation

7.9

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Autodesk 3ds Max NULL Pointer Dereference Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Autodesk 3ds Max

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating