This is a booby-trapped CAD file, not a master key to your estate
CVE-2026-9264 is a malicious-file issue in SketchUp 2026's Dynamic Components feature. Per the CVE/NVD description, a crafted .skp file can abuse improper input sanitization in the Component Options window and the embedded IE11 browser path to execute code or read local files on the workstation that opens it. The vendor's release notes indicate the fix landed in SketchUp Desktop 2026.1.3 (26.1.256 Windows, 26.1.257 Mac), so the practical affected range is SketchUp 2026 builds before 2026.1.3.
The vendor's CRITICAL 9.3 label does not match enterprise reality. This is not remotely reachable over the network, not a server-side flaw, not broadly wormable, and not useful unless an attacker can get a target to open or process a malicious SketchUp file in a workflow that hits Dynamic Components. The impact on an individual design workstation can be severe, but the attacker-position requirement and narrow exposure population push this down to MEDIUM for most 10,000-host environments.
4 steps from start to impact.
Stage a malicious .skp lure
- Attacker can deliver a SketchUp file to a target user
- Target organization actually uses SketchUp 2026
- The recipient handles untrusted external models in normal workflow
- SketchUp is a niche endpoint population, not a broad enterprise-wide surface
- Many enterprises do not permit arbitrary CAD files from the internet directly onto endpoints
- Mail gateways and content-disarm workflows often intercept uncommon attachments or shared-link lures
Trigger Dynamic Components parsing
.skp in a vulnerable SketchUp 2026 build and reach the Dynamic Components code path. Although the CVE text says 'without user interaction,' the attack still depends on somebody opening the file or otherwise processing it locally; this is a classic local file-open exploitation pattern, not zero-click network exploitation.
- SketchUp 2026 prior to 2026.1.3 is installed
- Dynamic Components functionality is present and exercised
- The malicious file is opened on the target workstation
- This is post-delivery and post-user-action even if the payload auto-runs after file open
- Only a subset of SketchUp users actively use Dynamic Components-heavy content
- Sandboxed preview pipelines or detached review VMs can break the path before end-user execution
SketchUp.exe spawning unusual child processes or accessing suspicious local files. Traditional perimeter scanners have no direct visibility into the trigger condition.
Exploit the embedded browser path
- The vulnerable UI path is reachable on that host
- The host permits the legacy browser-assisted behavior needed by the payload
- Endpoint policy does not fully neuter the follow-on process/script capability
- Anything depending on IE11-era behavior is brittle in modern locked-down enterprise images
- WDAC, AppLocker, Attack Surface Reduction, and child-process controls can break follow-on execution
- The exploitation environment is less deterministic than a simple memory-corruption RCE
Land code execution or data theft in user context
- Successful exploitation of the embedded-browser path
- Useful files or privileges exist in the victim user's context
- Outbound exfiltration or follow-on command execution is permitted
- User-context compromise is not the same as domain-wide compromise
- Network egress controls, DLP, and EDR containment can limit damage
- Sensitive data may sit in managed repositories rather than broad local access
The supporting signals.
| Signal | Assessment |
|---|---|
| In-the-wild status | No public exploitation evidence found in the sources checked, and not listed in CISA KEV. |
| KEV status | Not in KEV as of the CISA Known Exploited Vulnerabilities Catalog checked during this assessment. |
| Proof-of-concept availability | No public PoC repo or exploit write-up found in quick-source checks. That does not mean exploitation is impossible; it means there is no obvious commodity weaponization signal yet. |
| EPSS | User-supplied EPSS is 0.0003 (~0.03%), which is effectively *background noise*. Percentile was not authoritatively retrieved from the sources checked. |
| CVSS vector reality check | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H materially overstates enterprise reachability. AV:L already tells you this is a local endpoint issue, and the UI:N claim conflicts with the malicious-file delivery model described by NVD. |
| Affected versions | Practical affected range is SketchUp Desktop 2026 before 2026.1.3, based on vendor release notes calling out a Dynamic Components security fix in 26.1.256 (Windows) / 26.1.257 (Mac). |
| Fixed versions | Vendor fix appears in SketchUp Desktop 2026.1.3: 26.1.256 on Windows and 26.1.257 on Mac. |
| Exposure/scanning reality | Shodan/Censys/FOFA are basically irrelevant here because this is a desktop file-handling/UI issue, not an externally exposed network service. Exposure should be measured via software inventory of design endpoints, not internet scans. |
| Disclosure timeline | CVE record was published around 2026-05-21/2026-05-22; vendor fix was already present in release notes dated 2026-04-16 for SketchUp 2026.1.3. |
| Reporting source | The CVE record source is Bugcrowd Inc.; no researcher name was exposed in the sources reviewed. |
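The table's point that exposure here is a software-inventory question rather than an internet-scan question, worked through as an added example that is not part of the page's own verification payload: it classifies a fleet inventory export against the 26.1.256 (Windows) / 26.1.257 (Mac) fix boundary quoted above and orders the vulnerable hosts so that those handling external files come first. The CSV column names, hostnames and version strings in SAMPLE_CSV are constructed; only the fix boundaries come from the page.

```python
# Added example: triage a fleet inventory export against the SketchUp 2026.1.3 fix boundary.
# The inventory rows below are constructed, not real data.
import csv
import io

# Fixed builds from the vendor release notes quoted in the table.
FIXED = {"windows": (26, 1, 256), "mac": (26, 1, 257)}


def parse_version(v):
    """'26.1.100' -> (26, 1, 100); non-numeric fragments keep their digits or become 0."""
    out = []
    for part in str(v).strip().split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        out.append(int(digits) if digits else 0)
    return tuple(out)


def pad(a, b):
    """Zero-pad two version tuples to equal length so tuple comparison is well defined."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def classify(os_family, version):
    """Return 'vulnerable', 'patched', 'not_2026' or 'unknown' for one inventory row."""
    fixed = FIXED.get(os_family.lower())
    if fixed is None or not str(version).strip():
        return "unknown"           # unsupported platform or inventory has no version
    pv, fx = pad(parse_version(version), fixed)
    if pv[0] != 26:                # SketchUp 2026 ships as 26.x; other majors are out of scope
        return "not_2026"
    return "vulnerable" if pv < fx else "patched"


# Constructed inventory export (hypothetical hosts; 'external_file_exchange' is an assumed
# inventory tag marking workstations that receive models from customers or suppliers).
SAMPLE_CSV = """hostname,os_family,product,version,external_file_exchange
DES-WS-01,windows,SketchUp 2026,26.1.100,yes
DES-WS-02,windows,SketchUp 2026,26.1.256,no
DES-MAC-01,mac,SketchUp 2026,26.1.257,yes
DES-MAC-02,mac,SketchUp 2026,26.0.419,yes
DES-WS-03,windows,SketchUp 2025,25.0.1,no
DES-WS-04,windows,SketchUp 2026,,yes
"""


def triage(csv_text):
    """Bucket hosts by status; vulnerable hosts that exchange external files sort first."""
    buckets = {"vulnerable": [], "patched": [], "not_2026": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[classify(row["os_family"], row["version"])].append(row)
    # Risk-first ordering: externally facing design workflows before the rest.
    buckets["vulnerable"].sort(key=lambda r: r["external_file_exchange"] != "yes")
    return buckets


if __name__ == "__main__":
    for status, rows in triage(SAMPLE_CSV).items():
        print(f"{status:10} {[r['hostname'] for r in rows]}")
```

The 'unknown' bucket is worth chasing rather than ignoring: an entry with no version is exactly the host the per-workstation script further down would report as UNKNOWN, and a missing version is more often a stale inventory agent than a genuinely unversioned install.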
noisgate verdict.
The decisive downshift is attacker position: this bug only matters after an attacker gets a target user on a vulnerable SketchUp workstation to open a malicious model. That sharply narrows the reachable population and turns a scary technical impact into a contained endpoint risk rather than a fleet-wide crisis.
Why this verdict
- Attacker position required: this starts with a malicious .skp delivery to a user on a SketchUp workstation, which implies phishing, partner-file exchange abuse, or another prior access stage before the vuln matters
- Reachable population is narrow: only organizations running SketchUp 2026, and more specifically endpoints that open Dynamic Components content, are in scope; that is a tiny subset of a normal 10,000-host estate
- Modern controls add real friction: email security, file reputation, EDR child-process controls, WDAC/AppLocker, and DLP can all interrupt the chain before or after file open
- Threat telemetry is weak: no KEV listing, no public exploitation evidence found, and EPSS is near zero
- Blast radius is workstation-bound: even with code execution, the default impact is the rights and data of the user who opened the file, not unauthenticated takeover of a shared service
Why not higher?
A higher rating would require either strong active exploitation evidence, broad exposure, or a no-touch path into many hosts. We do not have that here. This is a file-open bug in a specialist desktop application, so the attacker has to win delivery and target the right user population first.
Why not lower?
Do not dismiss it as mere nuisance XSS. The public description explicitly claims local file exfiltration and command execution potential through the embedded browser path, which makes compromise of an individual designer workstation plausible. If your business exchanges SketchUp models with customers, suppliers, or public sources, the user-targeting surface is real.
What to do — in priority order.
- Gate external .skp files — Route externally sourced SketchUp models through a review mailbox, sandbox, or isolated staging VM before they reach production workstations. For a MEDIUM verdict there is no noisgate mitigation SLA; apply this where exposure is highest and keep it in place until remediation is complete.
- Prioritize design endpoints in EDR policy — Create detections for SketchUp.exe spawning script engines, shell interpreters, or unexpected child processes, and alert on unusual local file harvesting after SketchUp opens a model. There is no mitigation SLA for MEDIUM — use this as risk reduction while you work through the normal remediation window.
- Restrict unapproved child-process execution — Use WDAC, AppLocker, or equivalent endpoint controls to limit what can launch from user space and which LOLBins are allowed on engineering workstations. This directly attacks the claimed command-execution portion of the chain and is worth deploying on high-value design users even without a formal mitigation deadline.
- Segment high-value model repositories — Keep sensitive project stores behind least-privilege access and DLP controls so a compromised designer workstation cannot freely exfiltrate every model share it can browse. For this MEDIUM case, there is no mitigation SLA — go straight to hardening where practical and patch inside the remediation window.
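One way to implement the SketchUp.exe child-process detection called for in the EDR item above, as an added example rather than code from the page or the vendor: a small rule run over Sysmon Event ID 1-style process-creation records that grades SketchUp.exe spawning a script engine, shell or LOLBin, and separately flags any child that is not on a known-good baseline. The install path, the SUSPICIOUS_CHILDREN and BASELINE_CHILDREN sets, the ESCALATING_FLAGS list and the sample events are all assumptions to be tuned against your own fleet's baseline.

```python
# Added example: grade process-creation events where SketchUp.exe is the parent.
# The sample events and the install path below are constructed, not real telemetry.

# Script engines, shells and LOLBins a design workstation should not launch from SketchUp.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
    "msiexec.exe", "curl.exe",
}
# Children SketchUp is expected to spawn on this fleet (assumption; build from your own baseline).
BASELINE_CHILDREN = {"werfault.exe", "sketchup.exe"}
# Coarse command-line fragments that push a hit from medium to high ("-enc" also matches
# "-encodedcommand" and "-encoding", so expect to refine this against real data).
ESCALATING_FLAGS = ("-enc", "-w hidden", "downloadstring", "invoke-webrequest", "-urlcache")


def basename(path):
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(event):
    """Return (severity, reason) for one process-creation event, or None if not of interest."""
    if basename(event.get("ParentImage", "")) != "sketchup.exe":
        return None
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "").lower()
    if child in SUSPICIOUS_CHILDREN:
        reason = f"SketchUp.exe spawned {child}"
        if any(flag in cmdline for flag in ESCALATING_FLAGS):
            return "high", reason + " with download/obfuscation flags"
        return "medium", reason
    if child not in BASELINE_CHILDREN:
        return "low", f"SketchUp.exe spawned unbaselined child {child}"
    return None


def scan(events):
    """Run evaluate() over a batch of events and return the alerts in arrival order."""
    alerts = []
    for e in events:
        hit = evaluate(e)
        if hit:
            severity, reason = hit
            alerts.append({"time": e["EventTime"], "user": e.get("User", "?"),
                           "severity": severity, "reason": reason})
    return alerts


SKETCHUP = "C:\\Program Files\\SketchUp\\SketchUp 2026\\SketchUp.exe"  # assumed install path
SAMPLE_EVENTS = [  # constructed Sysmon Event ID 1-style records
    {"EventTime": "2026-05-22T09:14:03Z", "User": "CORP\\jdoe", "ParentImage": SKETCHUP,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -enc <base64-redacted>"},
    {"EventTime": "2026-05-22T09:14:10Z", "User": "CORP\\jdoe", "ParentImage": SKETCHUP,
     "Image": "C:\\Windows\\System32\\WerFault.exe", "CommandLine": "WerFault.exe -u -p 4412"},
    {"EventTime": "2026-05-22T09:15:00Z", "User": "CORP\\asmith", "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir"},
    {"EventTime": "2026-05-22T09:16:41Z", "User": "CORP\\jdoe", "ParentImage": SKETCHUP,
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c <redacted>"},
    {"EventTime": "2026-05-22T09:17:02Z", "User": "CORP\\jdoe", "ParentImage": SKETCHUP,
     "Image": "C:\\Program Files\\ExampleRender\\render.exe", "CommandLine": "render.exe model.skp"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a['time']} {a['severity'].upper():6} {a['user']}: {a['reason']}")
```

The low-severity "unbaselined child" path is the one that needs a real baseline before it goes live: renderers, plugin installers and updaters launched from SketchUp will show up there first, and the right response is to add them to BASELINE_CHILDREN, not to drop the rule. The cmd.exe and explorer.exe samples show the rule ignoring the same interpreter when SketchUp is not the parent, which keeps it from firing on ordinary shell use.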
- A perimeter WAF does nothing here because there is no inbound web application path to protect
- Internet-exposure scanning with Shodan/Censys/FOFA does not measure risk for this bug; the vulnerable surface is local desktop software inventory
- Generic browser patching alone is not sufficient; the issue is in SketchUp's embedded Dynamic Components path, so you still need the vendor's SketchUp fix
Crowdsourced verification payload.
Run this on the target workstation itself or through your endpoint management agent. Invoke it as python3 check_sketchup_cve_2026_9264.py on macOS/Linux-hosted Python or py check_sketchup_cve_2026_9264.py on Windows; standard user rights are usually enough, though Windows registry access is more reliable with local read access to HKLM.
```python
#!/usr/bin/env python3
# check_sketchup_cve_2026_9264.py
# Detect likely exposure to CVE-2026-9264 on Windows/macOS SketchUp endpoints.
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN
import os
import sys
import platform
import plistlib


def parse_version(v):
    """'26.1.256' -> (26, 1, 256). Non-numeric fragments keep their digits or become 0;
    an empty string returns () so callers can tell 'no version' apart from '0.0.0'."""
    v = str(v).strip()
    if not v:
        return ()
    parts = []
    for p in v.split('.'):
        try:
            parts.append(int(p))
        except ValueError:
            num = ''.join(ch for ch in p if ch.isdigit())
            parts.append(int(num) if num else 0)
    return tuple(parts)


def cmp_ver(a, b):
    """Compare two version tuples after zero-padding them to equal length: -1, 0 or 1."""
    la = list(a)
    lb = list(b)
    n = max(len(la), len(lb))
    la.extend([0] * (n - len(la)))
    lb.extend([0] * (n - len(lb)))
    return (la > lb) - (la < lb)


def check_windows():
    try:
        import winreg
    except Exception:
        return None, 'winreg unavailable'
    # Per-machine (native and WOW6432Node) and per-user uninstall hives.
    uninstall_roots = [
        (winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'),
        (winreg.HKEY_LOCAL_MACHINE, r'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'),
        (winreg.HKEY_CURRENT_USER, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'),
    ]
    findings = []
    for root, path in uninstall_roots:
        try:
            with winreg.OpenKey(root, path) as k:
                for i in range(winreg.QueryInfoKey(k)[0]):
                    try:
                        subname = winreg.EnumKey(k, i)
                        with winreg.OpenKey(k, subname) as sk:
                            try:
                                display_name = winreg.QueryValueEx(sk, 'DisplayName')[0]
                            except FileNotFoundError:
                                continue  # entries without a DisplayName are not installed products
                            try:
                                display_version = winreg.QueryValueEx(sk, 'DisplayVersion')[0]
                            except FileNotFoundError:
                                display_version = ''
                            if display_name and 'SketchUp' in display_name and '2026' in display_name:
                                findings.append((display_name, display_version))
                    except OSError:  # FileNotFoundError is a subclass of OSError
                        continue
        except OSError:
            continue
    if not findings:
        return None, 'SketchUp 2026 not found in uninstall registry'
    # Windows fixed build from vendor release notes: 26.1.256
    fixed = parse_version('26.1.256')
    floor = parse_version('26.0.0')
    for name, ver in findings:
        pv = parse_version(ver)
        if not pv:
            continue  # entry carries no DisplayVersion; try the next one
        if cmp_ver(pv, floor) >= 0 and cmp_ver(pv, fixed) < 0:
            return True, f'{name} {ver} < 26.1.256'
        if cmp_ver(pv, fixed) >= 0:
            return False, f'{name} {ver} >= 26.1.256'
    return None, 'SketchUp 2026 found but version could not be classified'


def check_macos():
    # Default bundle location; adjust if SketchUp is installed elsewhere.
    app_path = '/Applications/SketchUp 2026/SketchUp.app/Contents/Info.plist'
    if not os.path.exists(app_path):
        return None, 'SketchUp 2026 app bundle not found'
    try:
        with open(app_path, 'rb') as f:
            info = plistlib.load(f)
        ver = info.get('CFBundleShortVersionString') or info.get('CFBundleVersion')
        if not ver:
            return None, 'Version not found in Info.plist'
        pv = parse_version(ver)
        # macOS fixed build from vendor release notes: 26.1.257
        fixed = parse_version('26.1.257')
        if cmp_ver(pv, parse_version('26.0.0')) >= 0 and cmp_ver(pv, fixed) < 0:
            return True, f'SketchUp 2026 macOS {ver} < 26.1.257'
        if cmp_ver(pv, fixed) >= 0:
            return False, f'SketchUp 2026 macOS {ver} >= 26.1.257'
        return None, f'Unclassified version: {ver}'
    except Exception as e:
        return None, f'Failed to read Info.plist: {e}'


def main():
    system = platform.system().lower()
    if system == 'windows':
        vulnerable, detail = check_windows()
    elif system == 'darwin':
        vulnerable, detail = check_macos()
    else:
        print('UNKNOWN - Unsupported OS for this check')
        sys.exit(2)
    if vulnerable is True:
        print(f'VULNERABLE - {detail}')
        sys.exit(1)
    elif vulnerable is False:
        print(f'PATCHED - {detail}')
        sys.exit(0)
    else:
        print(f'UNKNOWN - {detail}')
        sys.exit(2)


if __name__ == '__main__':
    main()
```
If you remember one thing.
.skp files, and validate whether they are already at 2026.1.3 or later; for a MEDIUM verdict there is no noisgate mitigation SLA — go straight to the 365-day remediation window, but if you have high-risk supplier/customer file exchange you should still put temporary file-handling guardrails in place now. Your noisgate remediation SLA is ≤365 days to land the actual vendor update, with risk-first prioritization on externally facing design workflows rather than blanket emergency patching across all 10,000 hosts.
Sources
What defenders are saying.
Crowdsourced verification outputs.
Results submitted by users who ran the verification payload against their environment.