CVE-2026-1333
📋 TL;DR
A Use of Uninitialized Variable vulnerability in SOLIDWORKS eDrawings allows attackers to execute arbitrary code when users open specially crafted EPRT files. This affects SOLIDWORKS Desktop 2025 through 2026 installations with eDrawings. Users who open untrusted EPRT files are at risk of complete system compromise.
💻 Affected Systems
- SOLIDWORKS eDrawings
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining full control of the affected machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Remote code execution with the privileges of the user opening the malicious file, allowing installation of malware, data exfiltration, or persistence mechanisms.
If Mitigated
Limited impact if proper application whitelisting and file validation controls prevent execution of malicious payloads.
🎯 Exploit Status
Exploitation requires user interaction to open malicious EPRT file. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SOLIDWORKS Service Pack updates for 2025 and 2026 releases
Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1333
Restart Required: Yes
Instructions:
1. Open SOLIDWORKS. 2. Go to Help > Check for Updates. 3. Install all available Service Pack updates. 4. Restart the application and system as prompted.
🔧 Temporary Workarounds
Block EPRT file extensions
windowsPrevent opening of EPRT files via group policy or endpoint protection
Group Policy: Computer Configuration > Policies > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules > New Path Rule: Path: *.eprt, Security Level: Disallowed
Disable eDrawings file preview
windowsPrevent automatic rendering of EPRT files in Windows Explorer
reg add "HKCU\Software\Classes\.eprt" /v "PerceivedType" /t REG_SZ /d "" /f
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized code execution
- Educate users to never open EPRT files from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check SOLIDWORKS version: Open SOLIDWORKS > Help > About SOLIDWORKS. If version is 2025 or 2026 without latest Service Pack, system is vulnerable.Check Version:
In SOLIDWORKS: Help > About SOLIDWORKSVerify Fix Applied:
Verify installed Service Pack level matches vendor's patched version in advisory. Test with known safe EPRT file to ensure proper rendering.📡 Detection & Monitoring
Log Indicators:
- Windows Application logs showing eDrawings crashes
- Process creation events for unexpected executables after eDrawings launch
Network Indicators:
- Outbound connections from eDrawings process to unknown IPs
- DNS requests for suspicious domains after file open
SIEM Query:
Process Creation where (Image contains 'edrawings' OR ParentImage contains 'edrawings') AND CommandLine contains '.eprt'