Autodesk Fusion vulnerabilities

CVE-2026-0533 [HIGH] CWE-79 CVE-2026-0533: A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation d A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the cur

CVE-2026-0534 [HIGH] CWE-79 CVE-2026-0534: A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVE-2026-0535 [HIGH] CWE-79 CVE-2026-0535: A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can t A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVE-2025-10244 [HIGH] CWE-79 CVE-2025-10244: A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can tr A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVE-2021-40162 [HIGH] CWE-125 CVE-2021-40162: A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be for A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CVE-2021-40166 [HIGH] CWE-416 CVE-2021-40166: A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

CVE-2021-40164 [HIGH] CWE-787 CVE-2021-40164: A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerabi A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CVE-2021-40163 [HIGH] CWE-787 CVE-2021-40163: A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files t A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

CVE-2021-40165 [HIGH] CWE-787 CVE-2021-40165: A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be use A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.