CVE-2026-0662
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious project directories in Autodesk 3ds Max. The attack exploits an untrusted search path issue where the application loads libraries from user-controlled locations. Users of Autodesk 3ds Max who open files from untrusted sources are affected.
💻 Affected Systems
- Autodesk 3ds Max
📦 What is this software?
3ds Max by Autodesk
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the 3ds Max process, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or malware installation on the user's workstation when opening malicious project files from untrusted sources.
If Mitigated
Limited impact if users only open files from trusted sources and proper application sandboxing is implemented.
🎯 Exploit Status
Requires social engineering to get a user to open a malicious project directory
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references
Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
Restart Required: Yes
Instructions:
1. Open Autodesk Access or Autodesk Desktop App
2. Check for available updates
3. Install the latest security update for 3ds Max
4. Restart 3ds Max after installation
🔧 Temporary Workarounds
Restrict project file sources
All platforms: Only open 3ds Max project files from trusted, verified sources
Run with reduced privileges
Windows: Run 3ds Max with standard user privileges instead of administrator rights
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized code execution
- Use endpoint detection and response (EDR) solutions to monitor for suspicious process behavior
🔍 How to Verify
Check if Vulnerable:
Compare the installed 3ds Max version against the patched releases listed in the vendor advisory; any version older than the patched release is vulnerable
Check Version:
In 3ds Max: Help → About 3ds Max
Verify Fix Applied:
Verify that the installed 3ds Max version matches or exceeds the patched version specified in the Autodesk advisory
📡 Detection & Monitoring
Log Indicators:
- Unusual process spawning from 3ds Max executable
- DLL loading from unusual directories
Network Indicators:
- Unexpected outbound connections from 3ds Max process
SIEM Query:
Process creation where parent process contains '3dsmax.exe' AND (command line contains suspicious parameters OR image path contains user directories)