Code Injection Issue in SOLIDWORKS Desktop by Dassault Systèmes
CVE-2026-3476

7.8HIGH

Key Information:

Vendor: Dassault Systèmes
Status: Solidworks Desktop
Vendor: CVE Published:; 16 March 2026

🔔 Create Dassault Systèmes Vulnerability Alert

What is CVE-2026-3476?

A code injection vulnerability exists in SOLIDWORKS Desktop across versions 2025 and 2026, which can allow an attacker to execute arbitrary code on a user's machine when opening specially crafted files. Users of SOLIDWORKS are advised to remain vigilant and apply necessary security updates to mitigate this risk.

Affected Version(s)

SOLIDWORKS Desktop Release 2025 SP0

SOLIDWORKS Desktop Release 2026 SP0

References

https://www.3ds.com/trust-center/security/security-adviso...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Mar 3, 2026

Credit

Simón Marcote

CVE-2026-3476 Data

JSON