CVE-2026-7858

Summary

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2 HF3affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2024x Golden <= No Magic Release 2024x Refresh3 HF1affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2026x Golden <= No Magic Release 2026x Golden HF2affected
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2 HF3affected
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2024x Golden <= No Magic Release 2024x Refresh3 HF1affected
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2026x Golden <= No Magic Release 2026x Golden HF2affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2 HF3affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2024x Golden <= No Magic Release 2024x Refresh3 HF1affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2026x Golden <= No Magic Release 2026x Golden HF2affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2 HF3affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2024x Golden <= No Magic Release 2024x Refresh3 HF1affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2026x Golden <= No Magic Release 2026x Golden HF2affected
Dassault SystèmesMagic Collaboration StudioCATIA Magic Release 2022x Golden <= CATIA Magic Release 2022x Refresh2 HF3affected
Dassault SystèmesMagic Collaboration StudioCATIA Magic Release 2024x Golden <= CATIA Magic Release 2024x Refresh3 HF1affected
Dassault SystèmesMagic Collaboration StudioCATIA Magic Release 2026x Golden <= CATIA Magic Release 2026x Golden HF2affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References