CVE Catalog

CVE-2026-1288

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A maliciously crafted RFA file, when converted to FormIt in Autodesk Revit, can trigger a NULL pointer dereference. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

Risk Assessment

An attacker can remotely crash Autodesk Revit, disrupting design teams and potentially causing loss of unsaved work.

Recommendation

Immediately update Autodesk Revit to the latest patched version and avoid converting RFA files from untrusted sources.

Original NVD description (English source)

A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS