CVE-2026-7858
Deserialization Flaw in Teamwork Cloud Allows RCE
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Dassault Systèmes
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| no_magic | teamwork_cloud | From 2022x (inc) to 2026x (inc) |
| catia_magic | magic_collaboration_studio | From 2022x (inc) to 2026x (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7858 is a Deserialization of Untrusted Data vulnerability that affects Dassault Systèmes Teamwork Cloud and Magic Collaboration Studio products. This vulnerability exists in releases from 2022x through 2026x.
It allows an attacker to execute remote code without authentication by exploiting the way these products deserialize data that is not trusted.
How can this vulnerability impact me? :
This vulnerability can have a critical impact as it allows unauthenticated remote code execution, meaning an attacker can run arbitrary code on the affected system without needing to log in.
Such an exploit could lead to full system compromise, data theft, data corruption, or disruption of services.