ByteOS Network

CVE Vulnerability Details :

CVE-2026-2101

PUBLISHED

More Info Official Page

Assigner-3DS

Assigner Org ID-f5a594e6-46a7-4e60-8a08-0a786e70e433

Published At-16 Feb, 2026 | 16:02

Updated At-16 Feb, 2026 | 16:02

▼CVE Numbering Authority (CNA)

Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

Affected Products

Vendor

Dassault Systèmes S.E. (3DS)

Product

ENOVIAvpm Web Access

Default Status

unaffected

Versions

Affected

From ENOVIAvpm V1R16 Golden through ENOVIAvpm V1R16 SP6 (custom)
From ENOVIAvpm V1R17 Golden through ENOVIAvpm V1R17 SP5 (custom)
From ENOVIAvpm V1R18 Golden through ENOVIAvpm V1R18 SP3 (custom)
From ENOVIAvpm V1R19 Golden through ENOVIAvpm V1R19 SP1 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	8.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Version: 3.1

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

References

Hyperlink	Resource
https://www.3ds.com/trust-center/security/security-advisories/cve-2026-2101	N/A

Hyperlink: https://www.3ds.com/trust-center/security/security-advisories/cve-2026-2101

Resource: N/A

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References