CVE-2026-1335

7.8 HIGH

📋 TL;DR

An Out-Of-Bounds Write vulnerability in SOLIDWORKS eDrawings allows an attacker to execute arbitrary code by tricking a user into opening a malicious EPRT file. This affects users of SOLIDWORKS Desktop 2025 through 2026. Exploitation could lead to full system compromise.

💻 Affected Systems

Products:
  • SOLIDWORKS eDrawings
Versions: SOLIDWORKS Desktop 2025 through SOLIDWORKS Desktop 2026
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the EPRT file reading procedure; all default installations within the version range are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with arbitrary code execution, potentially leading to data theft, ransomware deployment, or lateral movement within a network.

🟠 Likely Case

Local privilege escalation or malware installation on the victim's machine, disrupting operations or stealing sensitive design files.

🟢 If Mitigated

Limited impact if systems are isolated, patched, or users avoid untrusted files, though residual risk of data loss or downtime may persist.

🌐 Internet-Facing: LOW, as exploitation requires user interaction to open a malicious file, not direct network exposure.
🏢 Internal Only: MEDIUM, due to the potential for phishing or social engineering attacks within an organization to deliver malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a crafted EPRT file, but no authentication is needed once the file is accessed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions (e.g., SOLIDWORKS Desktop 2026 SP1 or later).

Vendor Advisory: https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1335

Restart Required: Yes

Instructions:

1. Visit the vendor advisory URL for details.
2. Update SOLIDWORKS eDrawings to the latest patched version via the SOLIDWORKS update manager or download from the official website.
3. Restart the application or system as prompted.

🔧 Temporary Workarounds

Block EPRT file extensions (Windows)

Prevent opening of .EPRT files by blocking the file extension at the email gateway or endpoint.

Not applicable; configure via email security tools or group policy.

User awareness training (all platforms)

Educate users to avoid opening EPRT files from untrusted sources.

Not applicable; implement training programs.

🧯 If You Can't Patch

  • Restrict user permissions to limit the impact of arbitrary code execution.
  • Isolate affected systems from critical networks and monitor for suspicious file activity.

🔍 How to Verify

Check if Vulnerable:

Check the SOLIDWORKS version in the application's 'Help' > 'About' menu; if it falls within the 2025-2026 range, it is vulnerable.

Check Version:

In SOLIDWORKS eDrawings, go to 'Help' > 'About' to view the version number.

Verify Fix Applied:

After updating, confirm the version is above the patched release specified in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes of SOLIDWORKS eDrawings when opening files
  • Process creation events from eDrawings with suspicious command lines

Network Indicators:

  • Unusual outbound connections from systems running eDrawings after file opens

SIEM Query:

Example: 'process_name:eDrawings.exe AND event_type:process_creation AND command_line:*EPRT*'
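
The two log indicators above can be combined into one correlation rule: eDrawings is launched with an EPRT file, and within a short window it either crashes or spawns a child process on the same host. The Python below is an added example, not part of the vendor advisory or this page's original content; the event schema, the `application_crash` event type, the 60-second window and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta
import re

EPRT_RE = re.compile(r"\.eprt\b", re.IGNORECASE)
WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

def ev(ts, host, event_type, process_name, parent_name="", command_line=""):
    """Build one event in the assumed normalized schema."""
    return dict(ts=ts, host=host, event_type=event_type, process_name=process_name,
                parent_name=parent_name, command_line=command_line)

# Constructed sample telemetry (not real logs).
EVENTS = [
    ev("2026-03-02T09:14:05", "ws-07", "process_creation", "eDrawings.exe",
       "explorer.exe", r'"eDrawings.exe" "C:\Users\a\Downloads\bracket.EPRT"'),
    ev("2026-03-02T09:14:09", "ws-07", "process_creation", "cmd.exe",
       "eDrawings.exe", "cmd.exe /c whoami"),
    ev("2026-03-02T10:02:00", "ws-12", "process_creation", "eDrawings.exe",
       "outlook.exe", r'"eDrawings.exe" "C:\Temp\housing.eprt"'),
    ev("2026-03-02T10:02:03", "ws-12", "application_crash", "eDrawings.exe"),
    ev("2026-03-02T11:30:00", "ws-20", "process_creation", "eDrawings.exe",
       "explorer.exe", r'"eDrawings.exe" "D:\parts\gear.eprt"'),
    ev("2026-03-02T11:45:00", "ws-20", "application_crash", "eDrawings.exe"),
]

def is_edrawings(name):
    return name.lower() == "edrawings.exe"

def correlate(events):
    """Return (host, reason) for each crash or child process seen within WINDOW of an EPRT open."""
    alerts, last_open = [], {}  # last_open: host -> time of most recent EPRT open
    for e in sorted(events, key=lambda x: x["ts"]):
        ts, host = datetime.fromisoformat(e["ts"]), e["host"]
        creation = e["event_type"] == "process_creation"
        if creation and is_edrawings(e["process_name"]) and EPRT_RE.search(e["command_line"]):
            last_open[host] = ts  # eDrawings launched with an EPRT file argument
            continue
        if host not in last_open or ts - last_open[host] > WINDOW:
            continue
        if creation and is_edrawings(e["parent_name"]):
            alerts.append((host, "child_process:" + e["process_name"]))
        elif e["event_type"] == "application_crash" and is_edrawings(e["process_name"]):
            alerts.append((host, "crash"))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The crash on ws-20 is not reported because it falls outside the window, which keeps unrelated crashes from being attributed to an earlier EPRT open.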
