CVE-2026-1288
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A maliciously crafted RFA file, when converted to FormIt in Autodesk Revit, can trigger a NULL pointer dereference. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Risk Assessment
An attacker can remotely crash Autodesk Revit, disrupting design teams and potentially causing loss of unsaved work.
Recommendation
Immediately update Autodesk Revit to the latest patched version and avoid converting RFA files from untrusted sources.
Original NVD description (English source)
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

