CVE-2026-0534

Name of the Vulnerable Software and Affected Versions Autodesk Fusion (affected versions not specified)

Description A specially designed HTML payload, placed within a part’s attribute and activated by a user, can lead to a Stored Cross-site Scripting (XSS) issue in the Autodesk Fusion desktop application. An attacker could potentially use this to access local files or run arbitrary code with the permissions of the current process. The vulnerability involves a malicious HTML payload stored in a part’s attribute. Clicking this payload triggers the XSS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.