CVE-2026-5120

Dassault Systèmes (BIOVIA) · BIOVIA Workbook

BIOVIA Workbook releases 2021 through 2026 contain a race condition that may allow an authenticated user to access unauthorized data belonging to other users.

Executive summary

A race condition vulnerability in BIOVIA Workbook (2021-2026) poses a significant risk of unauthorized data exposure between authenticated users.

Vulnerability

This is a race condition vulnerability occurring within the application's data handling processes. It allows an authenticated user to gain unauthorized access to data belonging to other users by exploiting timing discrepancies in the system's request processing.

Business impact

With a CVSS score of 8.1, this vulnerability is classified as High. Cross-user data leakage in a laboratory or research environment, such as one running BIOVIA Workbook, could result in the compromise of intellectual property, regulatory non-compliance, and loss of competitive advantage.

Remediation

Immediate Action: Apply the latest security updates or patches provided by Dassault Systèmes to address the identified race condition.

Proactive Monitoring: Monitor user activity logs for irregular access patterns or unauthorized data retrieval attempts by internal users.

Compensating Controls: Restrict access to the application to trusted users only and implement strict role-based access control (RBAC) to minimize the blast radius if an account is compromised.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The risk of unauthorized data access in research-centric environments is severe. Administrators must prioritize the deployment of vendor patches to remediate this race condition and protect sensitive organizational data from unauthorized inter-user access.