Every CVE whose affected-product data names Autodesk Fusion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2026-10789 — CVSS 9.6 (critical): A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a…
CVE-2025-10244 — CVSS 8.7 (high): A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting…
CVE-2026-0533 — CVSS 8.1 (high): A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can…
CVE-2026-0534 — CVSS 8.1 (high): A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS)…
CVE-2026-0535 — CVSS 8.1 (high): A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting…
CVE-2021-40162 — CVSS 7.8 (high): A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries…
CVE-2021-40163 — CVSS 7.8 (high): A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing…
CVE-2021-40164 — CVSS 7.8 (high): A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute…
CVE-2021-40165 — CVSS 7.8 (high): A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer…
CVE-2021-40166 — CVSS 7.8 (high): A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed…
CVE-2026-4344 — CVSS 7.1 (high): A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can…
CVE-2026-4345 — CVSS 7.1 (high): A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS)…
CVE-2026-4369 — CVSS 7.1 (high): A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user…