PatchSiren

CVE-2026-10094 3DS CVE debrief

A critical path traversal vulnerability, CVE-2026-10094, affects SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026. It allows an attacker to write arbitrary files on the server, posing a significant risk to affected systems. The CVSS score of 9.8 places it in the critical severity band. Users of affected versions should take immediate action to mitigate this vulnerability. The vulnerability was published on June 17, 2026, and has been analyzed by the National Vulnerability Database (NVD).

Vendor: 3DS
Product: SOLIDWORKS Visualize
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 should be aware of this critical vulnerability and take necessary actions to secure their systems.

Technical summary

CVE-2026-10094 is a path traversal issue in SOLIDWORKS Visualize that allows an attacker to write arbitrary files on the server. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which describes a flaw reachable over the network with low attack complexity, no privileges required and no user interaction, and high impact on confidentiality, integrity and availability. The vulnerability is classified under CWE-22.

Defensive priority

high

Recommended defensive actions

  • Update SOLIDWORKS Visualize to a version that is not affected by this vulnerability.
  • Implement proper input validation and sanitization to prevent path traversal attacks.
  • Restrict access to sensitive areas of the system to prevent exploitation.
  • Monitor system logs for suspicious activity.
  • Consider implementing a web application firewall (WAF) to detect and prevent attacks.
  • Regularly review and update system configurations to ensure security best practices are followed.
  • Isolate affected systems until they can be updated or patched.

Evidence notes

The information provided is based on the CVE record and NVD details. The CVE record was published on June 17, 2026, and the NVD details were last modified on June 17, 2026. The vendor of the affected product is likely 3DS, based on the reference provided.
