CVE-2026-1288 - Vulnerability Details - OpenCVE

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00107.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Autodesk	Revit

No data.

No data.

No data.

References

Link	Providers
https://www.autodesk.com/products/autodesk-access/overview
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007

History

Thu, 18 Jun 2026 04:45:00 +0000

Type	Values Removed	Values Added
Description		A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Title		RFA File Parsing Vulnerability in Autodesk Revit
First Time appeared		Autodesk Autodesk revit
Weaknesses		CWE-476
CPEs		cpe:2.3:a:autodesk:revit:2024.3.5:::::::* cpe:2.3:a:autodesk:revit:2025.4.5:::::::* cpe:2.3:a:autodesk:revit:2026.4.1:::::::* cpe:2.3:a:autodesk:revit:2027.1:::::::*
Vendors & Products		Autodesk Autodesk revit
References		https://www.autodesk.com/products/autodesk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: autodesk

Published: 2026-06-17T15:27:54.195Z

Updated: 2026-06-17T17:30:51.745Z

Reserved: 2026-01-21T14:43:31.726Z

Link: CVE-2026-1288

Vulnrichment

Updated: 2026-06-17T17:30:39.356Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1288", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "state": "PUBLISHED", "assignerShortName": "autodesk", "dateReserved": "2026-01-21T14:43:31.726Z", "datePublished": "2026-06-17T15:27:54.195Z", "dateUpdated": "2026-06-17T17:30:51.745Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2026-06-17T15:27:54.195Z"}, "title": "RFA File Parsing Vulnerability in Autodesk Revit", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "affected": [{"vendor": "Autodesk", "product": "Revit", "versions": [{"status": "affected", "version": "2027.0.0", "lessThan": "2027.1.0", "versionType": "semver"}, {"status": "affected", "version": "2026.0.0", "lessThan": "2026.4.1", "versionType": "semver"}, {"status": "affected", "version": "2025.0.0", "lessThan": "2025.4.5", "versionType": "semver"}, {"status": "affected", "version": "2024.0.0", "lessThan": "2024.3.5", "versionType": "semver"}], "defaultStatus": "unaffected", "cpes": ["cpe:2.3:a:autodesk:revit:2027.1:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2026.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2025.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024.3.5:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition."}]}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007", "tags": ["vendor-advisory"]}, {"url": "https://www.autodesk.com/products/autodesk-access/overview", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-17T17:30:34.311655Z", "id": "CVE-2026-1288", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:30:51.745Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-17T17:30:34.311655Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T17:30:39.356Z"}}], "cna": {"title": "RFA File Parsing Vulnerability in Autodesk Revit", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153: Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:autodesk:revit:2027.1:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2026.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2025.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024.3.5:*:*:*:*:*:*:*"], "vendor": "Autodesk", "product": "Revit", "versions": [{"status": "affected", "version": "2027.0.0", "lessThan": "2027.1.0", "versionType": "semver"}, {"status": "affected", "version": "2026.0.0", "lessThan": "2026.4.1", "versionType": "semver"}, {"status": "affected", "version": "2025.0.0", "lessThan": "2025.4.5", "versionType": "semver"}, {"status": "affected", "version": "2024.0.0", "lessThan": "2024.3.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007", "tags": ["vendor-advisory"]}, {"url": "https://www.autodesk.com/products/autodesk-access/overview", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.", "supportingMedia": [{"type": "text/html", "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2026-06-17T15:27:54.195Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1288", "state": "PUBLISHED", "dateUpdated": "2026-06-17T17:30:51.745Z", "dateReserved": "2026-01-21T14:43:31.726Z", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "datePublished": "2026-06-17T15:27:54.195Z", "assignerShortName": "autodesk"}, "dataVersion": "5.2"}