{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7858", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2026-05-05T11:42:41.151Z", "datePublished": "2026-06-01T07:45:34.201Z", "dateUpdated": "2026-06-01T13:10:31.858Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-06-01T07:45:34.201Z"}, "title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "type": "CWE"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Standard Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Pro Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Enterprise Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "lessThanOrEqual": "No Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Magic Collaboration Studio", "versions": [{"status": "affected", "version": "CATIA Magic Release 2022x Golden", "lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3", "versionType": "custom"}, {"status": "affected", "version": "CATIA Magic Release 2024x Golden", "lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1", "versionType": "custom"}, {"status": "affected", "version": "CATIA Magic Release 2026x Golden", "lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."}]}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Tyler Harkness", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-01T13:10:19.818378Z", "id": "CVE-2026-7858", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T13:10:31.858Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-01T13:10:19.818378Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-01T13:10:27.399Z"}}], "cna": {"title": "Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tyler Harkness"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Standard Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2026x Golden HF2"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2026x Golden HF2"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Business Pro Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2026x Golden HF2"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Teamwork Cloud - Enterprise Edition", "versions": [{"status": "affected", "version": "No Magic Release 2022x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2022x Refresh2 HF3"}, {"status": "affected", "version": "No Magic Release 2024x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2024x Refresh3 HF1"}, {"status": "affected", "version": "No Magic Release 2026x Golden", "versionType": "custom", "lessThanOrEqual": "No Magic Release 2026x Golden HF2"}], "defaultStatus": "unaffected"}, {"vendor": "Dassault Syst\u00e8mes", "product": "Magic Collaboration Studio", "versions": [{"status": "affected", "version": "CATIA Magic Release 2022x Golden", "versionType": "custom", "lessThanOrEqual": "CATIA Magic Release 2022x Refresh2 HF3"}, {"status": "affected", "version": "CATIA Magic Release 2024x Golden", "versionType": "custom", "lessThanOrEqual": "CATIA Magic Release 2024x Refresh3 HF1"}, {"status": "affected", "version": "CATIA Magic Release 2026x Golden", "versionType": "custom", "lessThanOrEqual": "CATIA Magic Release 2026x Golden HF2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.", "supportingMedia": [{"type": "text/html", "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2026-06-01T07:45:34.201Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7858", "state": "PUBLISHED", "dateUpdated": "2026-06-01T13:10:31.858Z", "dateReserved": "2026-05-05T11:42:41.151Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2026-06-01T07:45:34.201Z", "assignerShortName": "3DS"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x and Magic Collaboration Studio from CATIA Magic Release 2022x through CATIA Magic Release 2026x could lead to an unauthenticated remote code execution."}], "id": "CVE-2026-7858", "lastModified": "2026-06-01T17:57:39.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}]}, "published": "2026-06-01T09:16:20.990", "references": [{"source": "3DS.Information-Security@3ds.com", "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-7858"}], "sourceIdentifier": "3DS.Information-Security@3ds.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}]}

{}