Browse all 3 CVE security advisories affecting Bentley Systems. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bentley Systems develops infrastructure engineering software for designing, constructing, and operating transportation, building, and utility projects. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure default configurations. While no major public security incidents have been widely reported, the company maintains a moderate CVE count with three active records. Their security posture typically involves regular patch releases and vulnerability disclosure programs, though legacy products may exhibit weaker security controls compared to newer offerings.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-35383 | Bentley Systems iTwin Platform exposed access token — iTwin PlatformCWE-540 | 6.5 | Medium | 2026-04-02 |
| CVE-2022-41613 | Bentley Systems MicroStation 缓冲区错误漏洞 — MicroStation ConnectCWE-125 | 7.8 | High | 2023-01-06 |
| CVE-2022-40201 | Bentley Systems MicroStation 安全漏洞 — MicroStation ConnectCWE-121 | 7.8 | High | 2023-01-06 |
This page lists every published CVE security advisory associated with Bentley Systems. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.