CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.8%

CVSS Severity

CVSS v3 Score 7.1

References

https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg
https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001

Products affected by CVE-2026-0535

Autodesk » Fusion » Version: Any

cpe:2.3:a:autodesk:fusion:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-0535

Products

Pricing

Contact Us