CVE-2026-4369

Name of the Vulnerable Software and Affected Versions Autodesk Fusion (affected versions not specified)

Description A stored Cross-site Scripting (XSS) issue exists when the application displays an assembly variant name during a delete confirmation dialog. A malicious actor can use a crafted HTML payload in the variant name to read local files or execute arbitrary code within the context of the current process if a user clicks the payload.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.