Stored Cross-site Scripting Vulnerability in Autodesk Fusion Desktop Application
CVE-2026-0535

7.1HIGH

Key Information:

Vendor: Autodesk
Status: Fusion
Vendor: CVE Published:; 22 January 2026

What is CVE-2026-0535?

A security flaw exists in the Autodesk Fusion desktop application that allows attackers to exploit Stored Cross-site Scripting (XSS) through dangerously crafted HTML payloads. When a user interacts with a component's description containing such a payload, it can lead to unauthorized access, enabling malicious users to read local files or execute arbitrary code under the context of the affected process. This vulnerability underscores the importance of patching and securing user interfaces against XSS threats.