PatchSiren cyber security CVE debrief
CVE-2026-7451 Autodesk CVE debrief
A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
- Vendor: Autodesk
- Product: 3ds Max
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-26
- Original CVE updated: 2026-05-26
- Advisory published: 2026-05-26
- Advisory updated: 2026-05-26
Who should care
Organizations using Autodesk 3ds Max 2026 or 2027 for 3D modeling and rendering; security teams managing creative software deployments; incident response teams monitoring for memory corruption indicators in design applications.
Technical summary
CVE-2026-7451 is an Out-of-Bounds Write (CWE-787) vulnerability in Autodesk 3ds Max affecting versions 2026 and 2027. The flaw occurs during parsing of maliciously crafted TIF image files, enabling attackers to corrupt memory and potentially execute arbitrary code within the current process context. The vulnerability requires local access and user interaction (opening a malicious file) but grants high impact across confidentiality, integrity, and availability. No known exploitation in the wild has been reported.
Defensive priority
HIGH
Recommended defensive actions
- Apply security updates from Autodesk per advisory ADSK-SA-2026-0006
- Open TIF files in 3ds Max only when they come from trusted sources
- Enable endpoint protection with memory corruption detection
- Monitor for anomalous 3ds Max process crashes or unexpected outbound connections
- Review and restrict user permissions to limit impact of potential code execution
Evidence notes
CVE published 2026-05-26; NVD status is Analyzed; vendor advisory ADSK-SA-2026-0006 confirms affected versions 2026 and 2027; CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H indicates a local attack vector with user interaction required and high impact on confidentiality, integrity, and availability; the root cause is CWE-787 Out-of-Bounds Write.
Official resources
- CVE-2026-7451 CVE record (CVE.org)
- CVE-2026-7451 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Product
- Mitigation or vendor reference: [email protected] - Vendor Advisory
2026-05-26