Stored Cross-site Scripting Vulnerability in Autodesk Fusion Desktop Application
CVE-2026-4344

7.1HIGH

Key Information:

Vendor

Autodesk
Status
Fusion
Vendor
CVE Published:
14 April 2026

What is CVE-2026-4344?

A vulnerability exists in the Autodesk Fusion desktop application where a crafted HTML payload, if clicked during the delete confirmation dialog, can lead to Stored Cross-site Scripting. This flaw allows an attacker to potentially read local files or execute arbitrary code within the context of the application, raising significant security concerns for users.

Affected Version(s)

Fusion 2606.0 < 2702.1.47

References

https://www.autodesk.com/trust/security-advisories/adsk-s...
vendor-advisory
https://dl.appstreaming.autodesk.com/production/installer...
patch
https://dl.appstreaming.autodesk.com/production/installer...
patch

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.