CVE-2026-0537

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in Autodesk 3ds Max allows arbitrary code execution when processing malicious RGB files. This affects all users who open untrusted RGB files with vulnerable versions of 3ds Max. Attackers can gain control of the application process.

💻 Affected Systems

Products:
  • Autodesk 3ds Max
Versions: Prior to 2026.2
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations that process RGB files are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via arbitrary code execution with current user privileges, potentially leading to lateral movement, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or malware installation on the affected workstation when a user opens a malicious RGB file.

🟢 If Mitigated

Limited to application crash or denial of service if execution is blocked by security controls.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious file, not directly network exploitable.
🏢 Internal Only: MEDIUM - Risk from phishing, shared drives, or compromised internal resources containing malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the user to open a malicious RGB file. No authentication bypass is needed, but exploitation requires social engineering or file placement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3ds Max 2026.2 or later

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002

Restart Required: Yes

Instructions:

1. Open Autodesk Desktop App or access.autodesk.com.
2. Check for updates.
3. Install 3ds Max 2026.2 or later.
4. Restart the application.

🔧 Temporary Workarounds

Block RGB file extensions (Windows)

Prevent processing of RGB files via group policy or application control.

Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.rgb, Security Level: Disallowed

Use application sandboxing (all platforms)

Run 3ds Max in an isolated environment to limit impact.

🧯 If You Can't Patch

  • Restrict user permissions to limit damage from code execution
  • Implement application whitelisting to prevent unauthorized executables

🔍 How to Verify

Check if Vulnerable:

Check the 3ds Max version via Help > About Autodesk 3ds Max. If the version is earlier than 2026.2, the system is vulnerable.

Check Version:

In 3ds Max: Help > About Autodesk 3ds Max

Verify Fix Applied:

Confirm the version is 2026.2 or later in Help > About, then test with a known-safe RGB file to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes in Windows Event Logs (Event ID 1000)
  • Unexpected child processes spawned from 3dsmax.exe

Network Indicators:

  • Outbound connections from 3dsmax.exe to unexpected destinations

SIEM Query:

Process Creation: ParentImage: *3dsmax.exe AND (CommandLine: *powershell* OR CommandLine: *cmd*)
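The indicators above, applied to a small batch of events as an added example (not code from the vendor advisory or this page's source). It assumes Sysmon-style event IDs 1 (process creation) and 3 (network connection) alongside the Event ID 1000 crash record; the `Host` and `Application` field names, the allowlisted address and all sample events are constructed for illustration.

```python
from fnmatch import fnmatchcase

PARENT = "*3dsmax.exe"                      # ParentImage pattern from the page's query
SHELL_PATTERNS = ("*powershell*", "*cmd*")  # CommandLine patterns from the page's query
ALLOWED_DESTS = {"10.0.0.5"}                # assumption: a known-good internal server

def like(value, pattern):
    """Case-insensitive '*' wildcard match, the way most SIEMs evaluate it."""
    return fnmatchcase((value or "").lower(), pattern.lower())

def detect(events):
    """Return (host, rule) findings for the page's three indicator types."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:        # process creation
            if like(ev.get("ParentImage"), PARENT) and any(
                    like(ev.get("CommandLine"), p) for p in SHELL_PATTERNS):
                findings.append((ev["Host"], "shell_child_of_3dsmax"))
        elif eid == 1000:   # application crash
            if like(ev.get("Application"), PARENT):
                findings.append((ev["Host"], "3dsmax_crash"))
        elif eid == 3:      # network connection
            if like(ev.get("Image"), PARENT) and \
                    ev.get("DestinationIp") not in ALLOWED_DESTS:
                findings.append((ev["Host"], "unexpected_outbound"))
    return findings

def escalate(findings):
    """Added triage heuristic: hosts where a crash co-occurs with another indicator."""
    by_host = {}
    for host, rule in findings:
        by_host.setdefault(host, set()).add(rule)
    return sorted(h for h, r in by_host.items() if "3dsmax_crash" in r and len(r) > 1)

EVENTS = [  # constructed sample events, not real telemetry
    {"EventID": 1000, "Host": "ws-01", "Application": "3dsmax.exe"},
    {"EventID": 1, "Host": "ws-01", "ParentImage": r"C:\Apps\3dsmax.exe",
     "CommandLine": "PowerShell.exe -NoProfile -Command Get-Date"},
    {"EventID": 1, "Host": "ws-02", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"EventID": 1, "Host": "ws-05", "ParentImage": r"C:\Apps\3dsmax.exe",
     "CommandLine": "render.exe --cmdfile job.txt"},  # benign, still matches *cmd*
    {"EventID": 3, "Host": "ws-03", "Image": r"C:\Apps\3dsmax.exe",
     "DestinationIp": "10.0.0.5"},
    {"EventID": 3, "Host": "ws-03", "Image": r"C:\Apps\3dsmax.exe",
     "DestinationIp": "203.0.113.7"},
    {"EventID": 1000, "Host": "ws-04", "Application": "3dsmax.exe"},
]
```

The `ws-05` event shows that the `*cmd*` pattern matches any command line containing that substring, so the rule needs tuning against normal 3ds Max child-process activity before alerting on it.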
