VYPR

Fusion

by Autodesk

CVEs (8)

  • CVE-2026-0535HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or…

  • CVE-2026-0534HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.00

    A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute…

  • CVE-2026-0533HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2026-4369HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…

  • CVE-2026-4345HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…

  • CVE-2026-4344HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2025-10244Sep 23, 2025
    risk 0.00cvss epss 0.00

    A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the…

  • CVE-2022-27873Jul 29, 2022
    risk 0.00cvss epss 0.00

    An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage…