AutoDesk AutoDesk

  1. Vendors
  2. AutoDesk

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any AutoDesk product.

RSS Feeds for AutoDesk security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in AutoDesk products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by AutoDesk Sorted by Most Security Vulnerabilities since 2018

AutoDesk Autocad166 vulnerabilities

AutoDesk Autocad Plant 3d159 vulnerabilities

AutoDesk Autocad Mep159 vulnerabilities

AutoDesk Autocad Mechanical159 vulnerabilities

AutoDesk Autocad Architecture159 vulnerabilities

AutoDesk Autocad Electrical159 vulnerabilities

AutoDesk Autocad Map 3d137 vulnerabilities

AutoDesk Advance Steel97 vulnerabilities

AutoDesk Civil 3d96 vulnerabilities

AutoDesk Autocad Lt81 vulnerabilities

AutoDesk Autocad Civil 3d68 vulnerabilities

AutoDesk Autocad Advance Steel63 vulnerabilities

AutoDesk Navisworks47 vulnerabilities

AutoDesk Revit33 vulnerabilities

AutoDesk Shared Components32 vulnerabilities

AutoDesk Dwg Trueview21 vulnerabilities

AutoDesk Inventor20 vulnerabilities

AutoDesk 3ds Max19 vulnerabilities

AutoDesk Fbx Software Development Kit14 vulnerabilities

AutoDesk Fbx Review9 vulnerabilities

AutoDesk Fusion9 vulnerabilities

AutoDesk Infrastructure Parts Editor7 vulnerabilities

AutoDesk Navisworks Manage6 vulnerabilities

AutoDesk Navisworks Simulate6 vulnerabilities

AutoDesk Autocad Mechnaical6 vulnerabilities

AutoDesk Vred5 vulnerabilities

AutoDesk Navisworks Freedom4 vulnerabilities

AutoDesk Revit Lt4 vulnerabilities

AutoDesk Installer4 vulnerabilities

AutoDesk Maya3 vulnerabilities

AutoDesk Vault2 vulnerabilities

AutoDesk Usd For Arnold1 vulnerability

AutoDesk Universal Scene Description1 vulnerability

AutoDesk Arnold1 vulnerability

AutoDesk Realdwg1 vulnerability

By the Year

In 2026 there have been 12 vulnerabilities in AutoDesk with an average score of 7.6 out of ten. Last year, in 2025 AutoDesk had 71 security vulnerabilities published. Right now, AutoDesk is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.17




Year Vulnerabilities Average Score
2026 12 7.63
2025 71 7.80
2024 102 7.70
2023 31 7.86
2022 73 7.81
2021 25 7.53
2020 7 0.00
2019 9 7.80

It may take a day or so for new AutoDesk vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent AutoDesk Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-0875 Feb 18, 2026
OOB Write via Malicious Autodesk MODEL File A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2026-0874 Feb 18, 2026
Out-of-Bounds Write in Autodesk Inventor via Malicious CATPART File A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2026-0536 Feb 04, 2026
Stack Overflow via Malicious GIF in Autodesk 3ds Max A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2026-0662 Feb 04, 2026
Untrusted Search Path in Autodesk 3ds Max triggers arbitrary code exec A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
3ds Max
CVE-2026-0660 Feb 04, 2026
Autodesk 3ds Max GIF Stack Buffer Overflow CVE-2026-0660 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2026-0661 Feb 04, 2026
Memory Corruption in Autodesk 3ds Max via RGB File A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2026-0537 Feb 04, 2026
Autodesk 3ds Max RGB Parser Memory Corruption Code Execution A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2026-0538 Feb 04, 2026
Autodesk 3ds Max GIF OOB Write Enables Arbitrary Code Exec A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2026-0659 Feb 04, 2026
Autodesk Arnold/3ds Max OOB Write via Malicious USD A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Usd For Arnold
Arnold
3ds Max
And others...
CVE-2026-0535 Jan 22, 2026
Autodesk Fusion Desktop Stored XSS via Component Description A maliciously crafted HTML payload, stored in a components description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Fusion
CVE-2026-0534 Jan 22, 2026
Autodesk Fusion Desktop XSS via parts attribute A maliciously crafted HTML payload, stored in a parts attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Fusion
CVE-2026-0533 Jan 22, 2026
Autodesk Fusion Stored XSS via malicious HTML payload in design name A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Fusion
CVE-2025-10900 Dec 15, 2025
Autodesk MODEL File OOB Write via Crafted Parsing AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10899 Dec 15, 2025
Autodesk 3ds Max OOB Write via malicious MODEL file AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
3ds Max
CVE-2025-10898 Dec 15, 2025
Autodesk OOBW via crafted MODEL file AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10889 Dec 15, 2025
Autodesk CAD CATPART MEMCORR CVE-2025-10889 A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10888 Dec 15, 2025
Autodesk Model Parser OOB Write via Malicious MODEL File (CVE-2025-10888) AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10887 Dec 15, 2025
Autodesk Model File Memory Corruption Arbitrary Code Exec A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10886 Dec 15, 2025
Autodesk Model File Parsing Causing Memory Corruption Code Execution A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10884 Dec 15, 2025
Autodesk Inventor OOB Write via Malicious CATPART AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2025-10883 Dec 15, 2025
Autodesk CATPRODUCT OOB Read via Malicious File A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10882 Dec 15, 2025
Autodesk Products OOB Write via Malicious X_T File AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10881 Dec 15, 2025
Autodesk Inventor Heap Overflow via CATPRODUCT file A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9460 Dec 15, 2025
Autodesk OOB Read in SLDPRT Parsing A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9459 Dec 15, 2025
Autodesk OOB Read via malicious SLDPRT file A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9457 Dec 15, 2025
Autodesk PRT Memory Corruption Vulnerability CVE-2025-9457 A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9456 Dec 15, 2025
Autodesk Inventor: SLDPRT Memory Corruption Enables Remote Code Execution A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2025-9455 Dec 15, 2025
Autodesk CAD OOB Read via CATPRODUCT file A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9454 Dec 15, 2025
Autodesk PRT OOB Read Exploit A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
Autocad
CVE-2025-9453 Dec 15, 2025
Autodesk PRT OOB Read in File Parser A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-9452 Dec 15, 2025
Arbitrary Code Execution in Autodesk Inventor from SLDPRT File A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-14593 Dec 15, 2025
Autodesk CATIA CATPART OOB Read via Malicious File A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-11797 Nov 12, 2025
Use-After-Free in Autodesk 3ds Max DWG Parser allows arbitrary code exec A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-11795 Nov 12, 2025
Autodesk 3ds Max OOB Write via Malformed JPG (CVE-2025-11795) A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-9458 Nov 07, 2025
Autodesk Memory Corruption via Malicious PRT File Parser RCE A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-10885 Nov 06, 2025
Privilege Escalation via Unvalidated Binary Load in Windows A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.
Installer
CVE-2025-8354 Sep 23, 2025
Autodesk Revit RFA Type Confusion via Malicious File A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Revit
Revit Lt
CVE-2025-10244 Sep 23, 2025
Autodesk Fusion XSS via Malicious HTML Payload A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
Fusion
CVE-2025-8892 Sep 22, 2025
Autodesk PRT memory corruption vulnerability (RCE) A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-8894 Sep 16, 2025
Autodesk PDF Reader Heap Overflow via Malformed PDF A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-8893 Sep 16, 2025
Out-of-Bounds Write in Autodesk PDF Parser via Malicious PDF A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Revit
Autocad
Autocad Lt
And others...
CVE-2025-5046 Aug 15, 2025
AutoCAD OOBR via Malicious DGN File A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-5047 Aug 15, 2025
Uninitialized Variable in AutoCAD via Malicious DGN File – Crash or RCE A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-5048 Aug 15, 2025
AutoCAD DGN Import Memory Corruption (CVE-2025-5048) A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Autocad
Autocad Lt
Autocad Architecture
And others...
CVE-2025-6632 Aug 06, 2025
3ds Max OOB Read via PSD Import A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-6633 Aug 06, 2025
Autodesk 3ds Max OOB Write via Malicious RBG File A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-6634 Aug 06, 2025
Memory Corruption RCE via Malicious TGA in Autodesk 3ds Max A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
3ds Max
CVE-2025-6637 Jul 29, 2025
Autodesk Inventor OOB Write in PRT Parser (CVE-2025-6637) A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Shared Components
Inventor
CVE-2025-6636 Jul 29, 2025
Autodesk PRT UAF Causing RCE A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Shared Components
CVE-2025-5038 Jul 29, 2025
Autodesk X_T File Memory Corruption RCE A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
Shared Components
Autocad
Autocad Architecture
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.