Lucene search
K

20 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 5:15 p.m.6 views

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:15 p.m.15 views

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:15 p.m.32 views

CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 5:15 p.m.27 views

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
CVE
CVE
added 2026/04/14 1:56 p.m.10 views

CVE-2026-4344

CVE-2026-4344 describes a Stored XSS vulnerability in the Autodesk Fusion desktop application. A malicious HTML payload in the component name, when shown in a delete confirmation dialog and clicked by a user, can execute script in the user’s context. The CVE notes potential to read local files or...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.3 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:47 p.m.2 views

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/14 1:47 p.m.26 views

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.3 views

PT-2026-32644

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/23 9:14 p.m.9 views

CVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in...

8.1CVSS5.9AI score0.00578EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 9:14 p.m.5 views

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

8.1CVSS6AI score0.00469EPSS
Exploits0References1
OSV
OSV
added 2026/01/22 5:16 p.m.5 views

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

8.1CVSS6.1AI score0.00469EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 5:16 p.m.8 views

CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS0.0059EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:59 p.m.3 views

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...

8.1CVSS5.8AI score0.00469EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/01/22 4:59 p.m.17 views

CVE-2026-0534

This CVE (CVE-2026-0534) affects Autodesk Fusion desktop application. The issue is a Stored Cross-site Scripting (XSS) vulnerability triggered by a malicious HTML payload stored in a part’s attribute and activated by user interaction, allowing an attacker to read local files or execute arbitrary ...

8.1CVSS5.9AI score0.00469EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/01/22 4:58 p.m.24 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

8.1CVSS5.9AI score0.0059EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 4:58 p.m.3 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS6AI score0.0059EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/22 4:58 p.m.18 views

CVE-2026-0533 Stored XSS in Fusion desktop when attempting to delete a file

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local...

8.1CVSS0.0059EPSS
Exploits0References3
Rows per page
Query Builder