Vulnerability Details CVE-2026-1288
A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2026-1288
-
cpe:2.3:a:autodesk:revit:*
-
cpe:2.3:a:autodesk:revit:2024
-
cpe:2.3:a:autodesk:revit:2024.0.2
-
cpe:2.3:a:autodesk:revit:2024.1
-
cpe:2.3:a:autodesk:revit:2024.1.1
-
cpe:2.3:a:autodesk:revit:2024.1.7
-
cpe:2.3:a:autodesk:revit:2024.2
-
cpe:2.3:a:autodesk:revit:2024.2.1
-
cpe:2.3:a:autodesk:revit:2024.2.2
-
cpe:2.3:a:autodesk:revit:2024.3
-
cpe:2.3:a:autodesk:revit:2024.3.1
-
cpe:2.3:a:autodesk:revit:2024.3.2
-
cpe:2.3:a:autodesk:revit:2024.3.3
-
cpe:2.3:a:autodesk:revit:2025
-
cpe:2.3:a:autodesk:revit:2025.1
-
cpe:2.3:a:autodesk:revit:2025.1.2
-
cpe:2.3:a:autodesk:revit:2025.2
-
cpe:2.3:a:autodesk:revit:2025.3
-
cpe:2.3:a:autodesk:revit:2025.4
-
cpe:2.3:a:autodesk:revit:2025.4.1
-
cpe:2.3:a:autodesk:revit:2025.4.2
-
cpe:2.3:a:autodesk:revit:2025.4.3
-
cpe:2.3:a:autodesk:revit:2026
-
cpe:2.3:a:autodesk:revit:2026.0.1
-
cpe:2.3:a:autodesk:revit:2026.0.2
-
cpe:2.3:a:autodesk:revit:2026.1
-
cpe:2.3:a:autodesk:revit:2026.2
-
cpe:2.3:a:autodesk:revit:2026.3