CVE-2026-3476

7.8 HIGH

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arb...

Published: 2026-03-16 · Last updated: 2026-06-08

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-94

Affected products

Vendor	Product
3ds	solidworks

Description

A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-3476
[Vendor advisory]https://www.3ds.com/trust-center/security/security-advisories/cve-2026-3476

Related CVEs

Same CWE

CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
CVE-2026-49774 — Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
CVE-2026-48017 — DbGate is cross-platform database manager (8.8 HIGH)
CVE-2026-48836 — Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
CVE-2026-48124 — Cursor is a code editor built for programming with AI