FKIE_CVE-2026-0875

Vulnerability from fkie_nvd - Published: 2026-02-18 20:18 - Updated: 2026-02-20 15:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
psirt@autodesk.comhttps://www.autodesk.com/products/autodesk-access/overviewProduct
psirt@autodesk.comhttps://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004Vendor Advisory
Impacted products
Vendor Product Version
autodesk shared_components *
autodesk 3ds_max 2026
autodesk advance_steel 2026
autodesk autocad 2026
autodesk autocad_architecture 2026
autodesk autocad_electrical 2026
autodesk autocad_map_3d 2026
autodesk autocad_mechanical 2026
autodesk autocad_mep 2026
autodesk autocad_plant_3d 2026
autodesk civil_3d 2026
autodesk infraworks 2026
autodesk inventor 2026
autodesk revit 2026
autodesk revit_lt 2026
autodesk vault 2026
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:shared_components:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8D187E9-7605-4325-9B7D-0C227CD2F26F",
              "versionEndExcluding": "2026.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
              "matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
              "matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
    },
    {
      "lang": "es",
      "value": "Un archivo MODEL creado maliciosamente, cuando es analizado por ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de l\u00edmites. Un actor malicioso puede aprovechar esta vulnerabilidad para causar un fallo, causar corrupci\u00f3n de datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
    }
  ],
  "id": "CVE-2026-0875",
  "lastModified": "2026-02-20T15:09:30.523",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@autodesk.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-18T20:18:32.370",
  "references": [
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.autodesk.com/products/autodesk-access/overview"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004"
    }
  ],
  "sourceIdentifier": "psirt@autodesk.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "psirt@autodesk.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.