VYPR
High severity8.1NVD Advisory· Published Jan 22, 2026· Updated Jun 3, 2026

CVE-2026-0534

CVE-2026-0534

Description

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

Affected products

3
  • Autodesk/Fusion3 versions
    cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*range: <2606.1.21
    • cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*range: 2603.0
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.