Skip to content
Threat Feed
high advisory

CVE-2026-7454 — Autodesk 3ds Max Memory Corruption Vulnerability via Malicious WRL File

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can trigger CVE-2026-7454, a memory corruption vulnerability allowing arbitrary code execution in the context of the current process.

CVE-2026-7454 is a memory corruption vulnerability affecting Autodesk 3ds Max. The vulnerability is triggered when the software parses a maliciously crafted WRL (VRML) file. Successful exploitation could allow an attacker to execute arbitrary code within the context of the 3ds Max process. The vulnerability stems from a buffer overflow (CWE-120) during the parsing of the WRL file. An attacker would need to entice a user to open a malicious WRL file within 3ds Max to trigger the vulnerability. This could lead to complete system compromise.

Attack Chain

  1. Attacker crafts a malicious WRL file designed to trigger a buffer overflow.
  2. Attacker delivers the malicious WRL file to a target user, likely via social engineering.
  3. The user opens the malicious WRL file in Autodesk 3ds Max.
  4. 3ds Max attempts to parse the WRL file.
  5. The crafted WRL file exploits a buffer overflow vulnerability (CVE-2026-7454) during the parsing process.
  6. The overflow overwrites memory, potentially including instruction pointers or other critical data.
  7. The attacker gains control of the execution flow.
  8. The attacker executes arbitrary code within the context of the 3ds Max process.

Impact

Successful exploitation of CVE-2026-7454 allows for arbitrary code execution. An attacker can leverage this vulnerability to install malware, steal sensitive data, or perform other malicious actions on the affected system. The severity is high, with a CVSS v3.1 score of 7.8, indicating significant potential for system compromise. The impact is limited to systems where Autodesk 3ds Max is installed and used to open untrusted WRL files.

Recommendation

  • Apply the security update provided by Autodesk to patch CVE-2026-7454; refer to the Autodesk security advisory https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006.
  • Deploy the Sigma rule “Detect Suspicious 3ds Max Process Creation” to detect potential exploitation attempts based on abnormal 3ds Max behavior.
  • Educate users about the risks of opening untrusted files, especially WRL files in Autodesk 3ds Max.

Detection coverage 2

Detect Suspicious 3ds Max Process Creation

medium

Detects CVE-2026-7454 exploitation — Detects unusual process creations by 3ds Max, potentially indicating code execution.

sigma tactics: execution techniques: T1059.001 sources: process_creation, windows

Detect WRL File Opening by 3ds Max

low

Detects CVE-2026-7454 exploitation — Monitors for 3ds Max opening WRL files, which could be malicious.

sigma tactics: initial_access techniques: T1566.001 sources: file_event, windows

Detection queries are available on the platform. Get full rules →