What is the CVSS score of CVE-2026-0533?

CVE-2026-0533 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Fusion are affected by CVE-2026-0533?

A stored cross-site scripting vulnerability in Autodesk Fusion allows attackers to execute malicious code when users interact with specially crafted design names during delete operations.. A patch is available.

Fusion CVE-2026-0533

HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-01-22 psirt@autodesk.com

XSS Fusion

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Jan 30, 2026 - 17:07 nvd

Patch available

CVE Published

Jan 22, 2026 - 17:16 nvd

HIGH 7.1

DescriptionNVD

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

AnalysisAI

Stored XSS in Autodesk Fusion's design name field allows attackers to inject malicious HTML that executes when users view the delete confirmation dialog, potentially enabling arbitrary code execution or local file access on affected systems. An attacker must first craft a malicious design name that gets stored in the application, then socially engineer a user to interact with the deletion prompt to trigger the payload. …

RemediationAI

Within 24 hours: Notify all Autodesk Fusion users to avoid deleting designs with unusual or suspicious names and escalate any suspicious activity to security. Within 7 days: Deploy the available patch to all Fusion installations across the organization. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-0533 vulnerability details – vuln.today

Back