PatchSiren cyber security CVE debrief
CVE-2026-3476 Dassault Systèmes CVE debrief
CVE-2026-3476 is a Code Injection vulnerability in SOLIDWORKS Desktop from Release 2025 through Release 2026. An attacker could execute arbitrary code on the user's machine by opening a specially crafted file. The vulnerability has a CVSS score of 7.8 and is classified as HIGH severity.
- Vendor
- Dassault Systèmes
- Product
- SOLIDWORKS Desktop
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-16
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-03-16
- Advisory updated
- 2026-06-08
Who should care
Users of SOLIDWORKS Desktop from Release 2025 through Release 2026 should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by a Code Injection issue in SOLIDWORKS Desktop. An attacker can exploit this vulnerability by creating a specially crafted file that, when opened, allows the execution of arbitrary code on the user's machine.
Defensive priority
HIGH
Recommended defensive actions
- Users should update to the latest version of SOLIDWORKS Desktop as soon as possible.
- Users should be cautious when opening files from unknown sources.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. The vendor advisory can be found at [ref-4].
Official resources
-
CVE-2026-3476 CVE record
CVE.org
-
CVE-2026-3476 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-3476 was published on 2026-03-16T14:19:48.130Z and modified on 2026-06-08T14:36:25.803Z.