What is CVE-2026-9264?

CVE-2026-9264 is a critical-severity vulnerability in Trimble Sketchup, classified under Code Injection. CVSS score: 9.3/10. Published 2026-05-22.

How severe is CVE-2026-9264?

Critical severity. CVSS v3 base score is 9.3 out of 10.

RCE in Trimble Sketchup

CVE-2026-9264

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitizati…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (9.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.3 (Critical). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Trimble Sketchup — versions 0

Weakness classification (CWE)

CWE-94 — Code Injection

References

4ac701fe-44e9-4bcd-9585-dd6449257611

Frequently asked questions

What is CVE-2026-9264?: CVE-2026-9264 is a critical-severity vulnerability in Trimble Sketchup, classified under Code Injection. CVSS score: 9.3/10. Published 2026-05-22.
How severe is CVE-2026-9264?: Critical severity. CVSS v3 base score is 9.3 out of 10.