CVE-2026-5495

Name of the Vulnerable Software and Affected Versions Labcenter Proteus (affected versions not specified)

Description A crafted PDSPRJ file can trigger an out-of-bounds write in Labcenter Proteus file processing, potentially leading to memory corruption and remote code execution. The vendor has indicated that the product and installer are no longer in production and no fixes have been published, classifying affected installations as high risk. The attack vectors involve opening a crafted PDSPRJ file or visiting a webpage that triggers its processing. This can impact confidentiality, integrity, and availability.

Recommendations Do not open PDSPRJ files from untrusted sources. Remove or isolate Labcenter Proteus installations where possible. Apply application whitelisting and restrict execution privileges. Block or monitor email/web delivery of PDSPRJ files and monitor hosts for anomalous behavior.