eDrawings uninitialized memory read (CVE-2026-1333)
Attackers can read sensitive data via uninitialized variable in EPRT file parsing. Update to SOLIDWORKS Desktop 2026 SP1 or later.
Vendor-confirmed - CVE-2026-1333 is a high-severity remote code execution vulnerability in SOLIDWORKS eDrawings 2025 through 2026 in which uninitialized memory in EPRT file parsing grants an attacker full system compromise. Apply the official patch immediately.
Overview
A significant security vulnerability has been identified in SOLIDWORKS eDrawings, a widely used application for viewing and sharing 3D models and 2D drawings. This flaw could allow an attacker to take control of an affected system.
Vulnerability Explained in Simple Terms
The vulnerability exists in the part of the software that opens files with the .EPRT extension (eDrawings part files). Due to a programming oversight, a specific variable in this process is not properly set up or “initialized” before being used. When the software reads this uninitialized variable while opening a maliciously crafted EPRT file, it works with whatever leftover data happens to be in memory instead of a known value, which can corrupt the program’s state. An attacker can carefully design a file to exploit this, tricking the software into running malicious code.
Impact on Affected Systems
The primary risk is remote code execution. If a user opens a specially crafted EPRT file, an attacker could execute arbitrary code on that user’s computer with the same permissions as the logged-in user. This could lead to:
- Full compromise of the affected workstation.
- Theft of sensitive design data or intellectual property.
- Installation of malware, ransomware, or backdoors.
- Lateral movement within a corporate network.
Affected Versions: SOLIDWORKS eDrawings as included with SOLIDWORKS Desktop releases from 2025 through 2026.
Remediation and Mitigation Steps
Immediate action is required to protect your systems.
1. Primary Remediation: Apply the Official Patch
The most effective solution is to apply the security update provided by Dassault Systèmes. Check for and install the official patch for your version of SOLIDWORKS through the SOLIDWORKS Customer Portal or your managed update service.
2. Critical Mitigation: User Awareness and Controls
- User Training: Immediately advise all users to exercise extreme caution with EPRT files. They should never open files received from untrusted or unexpected sources, even if they appear to come from a known contact.
- File Handling: Consider blocking .EPRT files at the email gateway if they are not routinely used in your workflow.
- Principle of Least Privilege: Ensure users do not operate with administrative privileges on their daily workstations. This can limit the impact of successful exploitation.
3. Network and System Monitoring
Monitor networks for unusual outbound connections or process executions originating from engineering workstations, which could indicate a successful compromise.
Summary
This high-severity vulnerability underscores the importance of treating engineering design files as potential attack vectors. Prioritize applying the official patch from the vendor and reinforce safe file-handling practices among all users who work with SOLIDWORKS eDrawings.