AutoDesk Fusion
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in AutoDesk Fusion.
By the Year
In 2026 there have been 3 vulnerabilities in AutoDesk Fusion with an average score of 7.1 out of ten. Last year, in 2025 Fusion had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 1.60
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 7.10 |
| 2025 | 1 | 8.70 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 5 | 7.80 |
It may take a day or so for new Fusion vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent AutoDesk Fusion Security Vulnerabilities
Autodesk Fusion Desktop Stored XSS via Component Description
CVE-2026-0535
7.1 - High
- January 22, 2026
A maliciously crafted HTML payload, stored in a components description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
XSS
Autodesk Fusion Desktop XSS via parts attribute
CVE-2026-0534
7.1 - High
- January 22, 2026
A maliciously crafted HTML payload, stored in a parts attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
XSS
Autodesk Fusion Stored XSS via malicious HTML payload in design name
CVE-2026-0533
7.1 - High
- January 22, 2026
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
XSS
Autodesk Fusion XSS via Malicious HTML Payload
CVE-2025-10244
8.7 - High
- September 23, 2025
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
XSS
Autodesk Image Processing PNG Free-After-Free Exploit
CVE-2021-40166
7.8 - High
- October 07, 2022
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Dangling pointer
Autodesk Image Processing: Buffer Overflow in TIFF Parsing
CVE-2021-40165
7.8 - High
- October 07, 2022
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
ImageMagick heap overflow via TIFF/PICT/TGA parsing
CVE-2021-40164
7.8 - High
- October 07, 2022
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Memory Corruption
Memory Corruption in Autodesk ImageProcessing DLL Enables Code Execution
CVE-2021-40163
7.8 - High
- October 07, 2022
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Memory Corruption
Autodesk Image Processing TIFF Buffer Overflow Exec
CVE-2021-40162
7.8 - High
- October 07, 2022
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Out-of-bounds Read
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for AutoDesk Fusion or by AutoDesk? Click the Watch button to subscribe.
