Security Vulnerability Report
中文
CVE-2026-0533 CVSS 7.1 HIGH

CVE-2026-0533

Published: 2026-01-22 17:16:29
Last Modified: 2026-01-30 17:07:30
Source: [email protected]

Description

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:* - VULNERABLE
Autodesk Fusion < 2024.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<script>alert(document.cookie)</script>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0533", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:28.937", "lastModified": "2026-01-30T17:07:29.903", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."}, {"lang": "es", "value": "Una carga útil HTML creada maliciosamente en un nombre de diseño, cuando se muestra durante el diálogo de confirmación de eliminación y es pulsada por un usuario, puede desencadenar una vulnerabilidad de cross-site scripting (XSS) almacenado en la aplicación de escritorio Autodesk Fusion. Un actor malicioso puede aprovechar esta vulnerabilidad para leer archivos locales o ejecutar código arbitrario en el contexto del proceso actual."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", "versionEndExcluding": "2606.1.21", "matchCriteriaId": "00476C10-FCC9-4EDD-AE74-95A8E99806B9"}]}]}], "references": [{"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.