Trimble CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review Trimble CVE published 2026-05-22

CVE-2026-9264

CVE-2026-9264 describes a cross-site scripting issue in SketchUp 2026’s Dynamic Components feature. The record says a maliciously crafted SKP file may abuse the component options window and embedded browser context, with reported impact that could include arbitrary command execution and local file exfiltration. Treat this as a high-risk file-parsing flaw until the vendor advisory and affected-version deta [truncated]

Known exploited Trimble CVE published 2025-02-07

CVE-2025-0994

CVE-2025-0994 is a Trimble Cityworks deserialization vulnerability that CISA added to the Known Exploited Vulnerabilities catalog on 2025-02-07. The authoritative sources supplied here do not provide a CVSS score or deeper technical details, but the KEV listing means defenders should treat it as an urgent remediation item and follow vendor mitigation guidance immediately.