CVE-2026-1288— RFA File Parsing Vulnerability in Autodesk Revit
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1288
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RFA File Parsing Vulnerability in Autodesk Revit
Source: NVD (National Vulnerability Database)
Vulnerability Description
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
autodesk revit 异常处理不当漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Autodesk revit是美国Autodesk公司的一款建筑信息建模软件。 autodesk revit 2027.1.0之前版本、2026.4.1之前版本、2025.4.5之前版本和2024.3.5之前版本存在异常处理不当漏洞,该漏洞源于特制RFA文件在被转换为FormIt时存在空指针取消引用,可能导致应用程序崩溃,从而造成拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-1288
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1288
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-1288 (1)
- 🔗 Security Advisories | Autodesk | adsk-sa-2026-0007vendor-advisory
IV. Related Vulnerabilities
Same product: Revit
- CVE-2025-8354
RFA File Parsing Type Confusion Vulnerability - CVE-2025-8894
PDF File Parsing Heap-Based Buffer Overflow Vulnerability - CVE-2025-8893
PDF File Parsing Out-of-Bounds Write Vulnerability - CVE-2025-5042
RFA File Parsing Out-of-Bounds Read Vulnerability - CVE-2025-5040
RTE File Parsing Heap-Based Overflow Vulnerability
Same vendor: Autodesk
- CVE-2026-7454
WRL File Parsing Memory Corruption in Autodesk 3ds Max - CVE-2026-7453
WRL File Parsing Memory Exhaustion in Autodesk 3ds Max - CVE-2026-7452
WRL File Parsing Memory Corruption in Autodesk 3ds Max - CVE-2026-7451
TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max - CVE-2026-7450
PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Ma
Same weakness: CWE-476
- CVE-2026-48139
NULL pointer dereference vulnerability in NI grpc-device dat - CVE-2026-48985
pam_usb: NULL Dereference Crash in pusb_is_loginctl_local wh - CVE-2026-55204
HAProxy - NULL Pointer Dereference in hpack_dht_insert Funct - CVE-2025-7018
Avira antivirus engine null pointer dereference when scannin - CVE-2026-53463
ImageMagick: Null Pointer Dereference in distort operation w
V. Comments for CVE-2026-1288
No comments yet