Stored Cross-site Scripting Vulnerability in Autodesk Fusion Desktop Application
CVE-2026-0535
7.1HIGH
What is CVE-2026-0535?
A security flaw exists in the Autodesk Fusion desktop application that allows attackers to exploit Stored Cross-site Scripting (XSS) through dangerously crafted HTML payloads. When a user interacts with a component's description containing such a payload, it can lead to unauthorized access, enabling malicious users to read local files or execute arbitrary code under the context of the affected process. This vulnerability underscores the importance of patching and securing user interfaces against XSS threats.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Fusion 2603.0 < 2606.1.21
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved