CVE-2026-7858 - Vulnerability Details - OpenCVE

A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858

History

Mon, 01 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.
Title		Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x
Weaknesses		CWE-502
References		https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2026-06-01T07:45:34.201Z

Updated: 2026-06-01T07:45:34.201Z

Reserved: 2026-05-05T11:42:41.151Z

Link: CVE-2026-7858

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T09:16:20.990

Modified: 2026-06-01T09:16:20.990

Link: CVE-2026-7858

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7858", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2026-05-05T11:42:41.151Z", "datePublished": "2026-06-01T07:45:34.201Z", "dateUpdated": "2026-06-01T07:45:34.201Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-06-01T07:45:34.201Z"}, "title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Standard Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Pro Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Enterprise Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Magic Collaboration Studio", "versions": [{"status": "affected", "version": "CATIA Magic Release 2022x Golden", "lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "CATIA Magic Release 2024x Golden", "lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "CATIA Magic Release 2026x Golden", "lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Tyler Harkness", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}