CVE-2026-10094 PUBLISHED

Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026

Assigner: 3DS
Reserved: 29.05.2026 Published: 17.06.2026 Updated: 17.06.2026

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Dassault Systèmes
Product	SOLIDWORKS Visualize
Versions	Default: unaffected affected from SOLIDWORKS Desktop Release 2024 SP0 to SOLIDWORKS Desktop Release 2024 SP5 (incl.) affected from SOLIDWORKS Desktop Release 2025 SP0 to SOLIDWORKS DesktopRelease 2025 SP5 (incl.) affected from SOLIDWORKS Desktop Release 2026 SP0 to SOLIDWORKS Desktop Release 2026 SP2.1 (incl.)

Credits

Andrea Petreschi finder

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2026-10094

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE