CVE-2026-0874 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2026-0874?

CVE-2026-0874 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious CATPART files in affected Autodesk products. Users of Autodesk software that processes CATPART files are affected, particularly those in engineering and design roles.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into opening malicious CATPART files in affected Autodesk products. Users of Autodesk software that processes CATPART files are affected, particularly those in engineering and design roles.

💻 Affected Systems

Products:

Autodesk products that parse CATPART files

Versions: Specific versions not detailed in provided references

Operating Systems: Windows, Linux, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations that process CATPART files are vulnerable. Check vendor advisory for specific product/version details.

📦 What is this software?

Shared Components by Autodesk

View all CVEs affecting Shared Components →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the same privileges as the current user, potentially leading to full system compromise.

🟠

Likely Case

Application crash or data corruption from malicious files, with potential for limited code execution.

🟢

If Mitigated

Application crash only, with no code execution due to security controls like ASLR or DEP.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to open malicious file. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See vendor advisory for specific patched versions

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004

Restart Required: Yes

Instructions:

1. Visit the Autodesk security advisory page
2. Identify affected products and versions
3. Download and apply the latest security updates
4. Restart affected applications

🔧 Temporary Workarounds

Block CATPART file extensions

all

Prevent processing of CATPART files at the system or network level

User awareness training

all

Train users not to open CATPART files from untrusted sources

🧯 If You Can't Patch

Implement application whitelisting to prevent unauthorized code execution
Use network segmentation to isolate systems running vulnerable software

🔍 How to Verify

Check if Vulnerable:

Check installed Autodesk product versions against vendor advisory

Check Version:

Check within Autodesk application Help > About or use vendor-specific version checking tools

Verify Fix Applied:

Verify installed version matches or exceeds patched version from advisory

📡 Detection & Monitoring

Log Indicators:

Application crashes when opening CATPART files
Unexpected process termination events

Network Indicators:

Downloads of CATPART files from untrusted sources

SIEM Query:

EventID=1000 OR EventID=1001 AND ProcessName contains 'Autodesk' AND ExceptionCode=0xC0000005

📊 Metadata

CVE ID: CVE-2026-0874

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: February 18, 2026

Last Updated: February 20, 2026

🔗 References

https://www.autodesk.com/products/autodesk-access/overview Product
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-0874, you might also want to check these: