CVE-2026-1284
📋 TL;DR
An out-of-bounds write vulnerability in SOLIDWORKS eDrawings allows attackers to execute arbitrary code when users open malicious EPRT files. This affects users of SOLIDWORKS Desktop 2025 through 2026. Successful exploitation could lead to complete system compromise.
💻 Affected Systems
- SOLIDWORKS eDrawings
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with administrative privileges, data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to malware installation, data exfiltration, or persistence mechanisms on the affected workstation.
If Mitigated
Limited impact with proper application sandboxing, user privilege restrictions, and network segmentation preventing lateral movement.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file). No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SOLIDWORKS Service Pack releases after vulnerability disclosure
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1284
Restart Required: Yes
Instructions:
1. Open SOLIDWORKS
2. Go to Help > Check for Updates
3. Install latest service pack
4. Restart computer
🔧 Temporary Workarounds
Block EPRT file extensions
windowsPrevent opening of EPRT files via group policy or application control
Run with reduced privileges
windowsConfigure eDrawings to run with standard user privileges instead of administrative rights
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized execution
- Use network segmentation to isolate engineering workstations
🔍 How to Verify
Check if Vulnerable:
Check SOLIDWORKS version via Help > About SOLIDWORKS. If version is 2025 or 2026 without latest service pack, system is vulnerable.Check Version:
In SOLIDWORKS: Help > About SOLIDWORKSVerify Fix Applied:
Verify installed service pack version matches or exceeds the patched version mentioned in vendor advisory.📡 Detection & Monitoring
Log Indicators:
- Unexpected eDrawings process crashes
- EPRT file access from untrusted sources
- Unusual process spawning from eDrawings.exe
Network Indicators:
- Outbound connections from engineering workstations to suspicious IPs after EPRT file opening
SIEM Query:
Process Creation where Image contains 'eDrawings.exe' AND ParentImage contains 'explorer.exe' AND CommandLine contains '.eprt'