CVE-2026-5120
Dassault Systèmes (BIOVIA) · BIOVIA Workbook
BIOVIA Workbook releases 2021 through 2026 contain a race condition that may allow an authenticated user to access unauthorized data belonging to other users.
Executive summary
A race condition vulnerability in BIOVIA Workbook (2021-2026) poses a significant risk of unauthorized data exposure between authenticated users.
Vulnerability
This is a race condition vulnerability occurring within the application's data handling processes. It allows an authenticated user to gain unauthorized access to data belonging to other users by exploiting timing discrepancies in the system's request processing.
Business impact
With a CVSS score of 8.1, this vulnerability is classified as High. The potential for cross-user data leakage in a laboratory or research environment, such as BIOVIA Workbook, could result in the compromise of intellectual property, regulatory non-compliance, and loss of competitive advantage.
Remediation
Immediate Action: Apply the latest security updates or patches provided by Dassault Systèmes to address the identified race condition.
Proactive Monitoring: Monitor user activity logs for irregular access patterns or unauthorized data retrieval attempts by internal users.
Compensating Controls: Restrict access to the application to trusted users only and implement strict role-based access control (RBAC) to minimize the blast radius if an account is compromised.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The risk of unauthorized data access in research-centric environments is severe. Administrators must prioritize the deployment of vendor patches to remediate this race condition and protect sensitive organizational data from unauthorized inter-user access.