Search

Find a vulnerability

Search criteria

    340 vulnerabilities

    CVE-2026-10789 (GCVE-0-2026-10789)

    Vulnerability from cvelistv5 – Published: 2026-06-22 17:15 – Updated: 2026-06-23 03:56
    VLAI
    Title
    MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop
    Summary
    A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2703.1.11 , < 2703.1.20 (semver)
        cpe:2.3:a:autodesk:fusion:2703.1.11:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10789",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T03:56:02.324Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2703.1.11:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2703.1.20",
                  "status": "affected",
                  "version": "2703.1.11",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user."
                }
              ],
              "value": "A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T17:15:25.546Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-10789",
        "datePublished": "2026-06-22T17:15:25.546Z",
        "dateReserved": "2026-06-03T19:23:28.312Z",
        "dateUpdated": "2026-06-23T03:56:02.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1288 (GCVE-0-2026-1288)

    Vulnerability from cvelistv5 – Published: 2026-06-17 15:27 – Updated: 2026-06-17 17:30
    VLAI
    Title
    RFA File Parsing Vulnerability in Autodesk Revit
    Summary
    A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Revit Affected: 2027.0.0 , < 2027.1.0 (semver)
    Affected: 2026.0.0 , < 2026.4.1 (semver)
    Affected: 2025.0.0 , < 2025.4.5 (semver)
    Affected: 2024.0.0 , < 2024.3.5 (semver)
        cpe:2.3:a:autodesk:revit:2027.1:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:revit:2026.4.1:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:revit:2025.4.5:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:revit:2024.3.5:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1288",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T17:30:34.311655Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T17:30:51.745Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:revit:2027.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:revit:2026.4.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:revit:2025.4.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:revit:2024.3.5:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Revit",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1.0",
                  "status": "affected",
                  "version": "2027.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2026.4.1",
                  "status": "affected",
                  "version": "2026.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2025.4.5",
                  "status": "affected",
                  "version": "2025.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2024.3.5",
                  "status": "affected",
                  "version": "2024.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition."
                }
              ],
              "value": "A maliciously crafted RFA file, when converted to FormIt via \u201cConvert RFA to FormIt\u201d in Autodesk Revit, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153: Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-17T15:27:54.195Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0007"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "RFA File Parsing Vulnerability in Autodesk Revit",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-1288",
        "datePublished": "2026-06-17T15:27:54.195Z",
        "dateReserved": "2026-01-21T14:43:31.726Z",
        "dateUpdated": "2026-06-17T17:30:51.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7454 (GCVE-0-2026-7454)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:09 – Updated: 2026-05-27 03:55
    VLAI
    Title
    WRL File Parsing Memory Corruption in Autodesk 3ds Max
    Summary
    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2027 , < 2027.1 (custom)
    Affected: 2026 , < 2026.1 (custom)
        cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:55.888Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1",
                  "status": "affected",
                  "version": "2027",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T17:09:08.952Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WRL File Parsing Memory Corruption in Autodesk 3ds Max",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-7454",
        "datePublished": "2026-05-26T17:09:08.952Z",
        "dateReserved": "2026-04-29T17:19:13.538Z",
        "dateUpdated": "2026-05-27T03:55:55.888Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7453 (GCVE-0-2026-7453)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:08 – Updated: 2026-06-03 13:39
    VLAI
    Title
    WRL File Parsing Memory Exhaustion in Autodesk 3ds Max
    Summary
    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2027 , < 2027.1 (custom)
    Affected: 2026 , < 2026.1 (custom)
        cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7453",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:23:29.878255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:39:06.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1",
                  "status": "affected",
                  "version": "2027",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition."
                }
              ],
              "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130: Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674: Uncontrolled Recursion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:39:18.808Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WRL File Parsing Memory Exhaustion in Autodesk 3ds Max",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-7453",
        "datePublished": "2026-05-26T17:08:40.918Z",
        "dateReserved": "2026-04-29T17:19:12.725Z",
        "dateUpdated": "2026-06-03T13:39:18.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7452 (GCVE-0-2026-7452)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:06 – Updated: 2026-05-27 03:55
    VLAI
    Title
    WRL File Parsing Memory Corruption in Autodesk 3ds Max
    Summary
    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2027 , < 2027.1 (custom)
    Affected: 2026 , < 2026.1 (custom)
        cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7452",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:52.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1",
                  "status": "affected",
                  "version": "2027",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T17:06:35.440Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WRL File Parsing Memory Corruption in Autodesk 3ds Max",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-7452",
        "datePublished": "2026-05-26T17:06:35.440Z",
        "dateReserved": "2026-04-29T17:19:12.024Z",
        "dateUpdated": "2026-05-27T03:55:52.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7451 (GCVE-0-2026-7451)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:05 – Updated: 2026-05-27 03:55
    VLAI
    Title
    TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max
    Summary
    A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2027 , < 2027.1 (custom)
    Affected: 2026 , < 2026.1 (custom)
        cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7451",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:53.580Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1",
                  "status": "affected",
                  "version": "2027",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-26T17:05:56.482Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "TIF File Parsing Out-of-Bounds Write in Autodesk 3ds Max",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-7451",
        "datePublished": "2026-05-26T17:05:56.482Z",
        "dateReserved": "2026-04-29T17:19:11.566Z",
        "dateUpdated": "2026-05-27T03:55:53.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-7450 (GCVE-0-2026-7450)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:05 – Updated: 2026-06-03 13:38
    VLAI
    Title
    PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Max
    Summary
    A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2027 , < 2027.1 (custom)
    Affected: 2026 , < 2026.1 (custom)
        cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-7450",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:26:22.907016Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:40:02.641Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2027.1",
                  "status": "affected",
                  "version": "2027",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2026.1",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition."
                }
              ],
              "value": "A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:38:45.481Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0006"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Max",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-7450",
        "datePublished": "2026-05-26T17:05:25.646Z",
        "dateReserved": "2026-04-29T17:19:10.754Z",
        "dateUpdated": "2026-06-03T13:38:45.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4344 (GCVE-0-2026-4344)

    Vulnerability from cvelistv5 – Published: 2026-04-14 13:56 – Updated: 2026-04-15 03:58
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name
    Summary
    A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2606.0 , < 2702.1.47 (custom)
        cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:14.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2702.1.47",
                  "status": "affected",
                  "version": "2606.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T13:56:56.801Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-4344",
        "datePublished": "2026-04-14T13:56:56.801Z",
        "dateReserved": "2026-03-17T15:57:23.974Z",
        "dateUpdated": "2026-04-15T03:58:14.791Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4345 (GCVE-0-2026-4345)

    Vulnerability from cvelistv5 – Published: 2026-04-14 13:56 – Updated: 2026-04-15 03:58
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) Vulnerability in Design Name
    Summary
    A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2606.0 , < 2702.1.47 (custom)
        cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4345",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:16.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2702.1.47",
                  "status": "affected",
                  "version": "2606.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T13:56:22.111Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting (XSS) Vulnerability in Design Name",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-4345",
        "datePublished": "2026-04-14T13:56:22.111Z",
        "dateReserved": "2026-03-17T15:57:30.015Z",
        "dateUpdated": "2026-04-15T03:58:16.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4369 (GCVE-0-2026-4369)

    Vulnerability from cvelistv5 – Published: 2026-04-14 13:47 – Updated: 2026-04-15 03:58
    VLAI
    Title
    Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name
    Summary
    A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2606.0 , < 2702.1.47 (custom)
        cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-14T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T03:58:17.421Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2606.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2702.1.47",
                  "status": "affected",
                  "version": "2606.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-14T13:48:16.573Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0005"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-4369",
        "datePublished": "2026-04-14T13:47:01.968Z",
        "dateReserved": "2026-03-18T08:19:07.639Z",
        "dateUpdated": "2026-04-15T03:58:17.421Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0875 (GCVE-0-2026-0875)

    Vulnerability from cvelistv5 – Published: 2026-02-18 19:39 – Updated: 2026-05-08 18:27
    VLAI
    Title
    MODEL File Parsing Out-of-Bounds Write
    Summary
    A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.9.0.7 , < 1.10.0.4 (custom)
        cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0875",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T04:55:51.947581Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:15.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.10.0.4",
                  "status": "affected",
                  "version": "1.9.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T18:27:50.946Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Out-of-Bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0875",
        "datePublished": "2026-02-18T19:39:27.111Z",
        "dateReserved": "2026-01-13T12:37:27.702Z",
        "dateUpdated": "2026-05-08T18:27:50.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0874 (GCVE-0-2026-0874)

    Vulnerability from cvelistv5 – Published: 2026-02-18 19:38 – Updated: 2026-05-08 18:27
    VLAI
    Title
    CATPART File Parsing Out-of-Bounds Write
    Summary
    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.9.0.7 , < 1.10.0.4 (custom)
        cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0874",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T04:55:51.174857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:15.903Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.9.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.10.0.4",
                  "status": "affected",
                  "version": "1.9.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T18:27:20.652Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0004"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CATPART File Parsing Out-of-Bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0874",
        "datePublished": "2026-02-18T19:38:32.639Z",
        "dateReserved": "2026-01-13T12:36:42.762Z",
        "dateUpdated": "2026-05-08T18:27:20.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0536 (GCVE-0-2026-0536)

    Vulnerability from cvelistv5 – Published: 2026-02-04 18:12 – Updated: 2026-02-26 15:04
    VLAI
    Title
    GIF File Parsing Stack Based Buffer Overflow
    Summary
    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0536",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T04:55:18.332251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:18.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T18:31:40.462Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GIF File Parsing Stack Based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0536",
        "datePublished": "2026-02-04T18:12:56.985Z",
        "dateReserved": "2025-12-23T07:15:48.479Z",
        "dateUpdated": "2026-02-26T15:04:18.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0662 (GCVE-0-2026-0662)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:28 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Untrusted Search Path Vulnerability when opening max Files
    Summary
    A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0662",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T04:55:24.821645Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:19.038Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized."
                }
              ],
              "value": "A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471: Search Order Hijacking"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T16:28:31.980Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Untrusted Search Path Vulnerability when opening max Files",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0662",
        "datePublished": "2026-02-04T16:28:31.980Z",
        "dateReserved": "2026-01-06T19:58:25.162Z",
        "dateUpdated": "2026-02-26T15:04:19.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0660 (GCVE-0-2026-0660)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:27 – Updated: 2026-06-03 13:37
    VLAI
    Title
    Stack Based Buffer Overflow in GIF File Parsing
    Summary
    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-05T04:55:19.092274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:19.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:37:12.813Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stack Based Buffer Overflow in GIF File Parsing",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0660",
        "datePublished": "2026-02-04T16:27:40.582Z",
        "dateReserved": "2026-01-06T19:58:22.904Z",
        "dateUpdated": "2026-06-03T13:37:12.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0661 (GCVE-0-2026-0661)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:27 – Updated: 2026-06-03 13:37
    VLAI
    Title
    Out-of-Bounds Write in RGB File Parsing
    Summary
    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T04:55:23.983770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:19.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:37:43.942Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Out-of-Bounds Write in RGB File Parsing",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0661",
        "datePublished": "2026-02-04T16:27:13.416Z",
        "dateReserved": "2026-01-06T19:58:23.903Z",
        "dateUpdated": "2026-06-03T13:37:43.942Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0537 (GCVE-0-2026-0537)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:26 – Updated: 2026-06-03 13:31
    VLAI
    Title
    RGB File Parsing Memory Corruption
    Summary
    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T04:55:23.158110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:19.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:31:03.149Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "RGB File Parsing Memory Corruption",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0537",
        "datePublished": "2026-02-04T16:26:01.689Z",
        "dateReserved": "2025-12-23T07:17:33.132Z",
        "dateUpdated": "2026-06-03T13:31:03.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0538 (GCVE-0-2026-0538)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:24 – Updated: 2026-06-03 13:33
    VLAI
    Title
    GIF File Parsing Out-of-Bounds Write
    Summary
    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk 3ds Max Affected: 2026 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T04:55:21.365758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:20.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:33:18.853Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GIF File Parsing Out-of-Bounds Write",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0538",
        "datePublished": "2026-02-04T16:24:36.976Z",
        "dateReserved": "2025-12-23T07:18:10.337Z",
        "dateUpdated": "2026-06-03T13:33:18.853Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0659 (GCVE-0-2026-0659)

    Vulnerability from cvelistv5 – Published: 2026-02-04 16:01 – Updated: 2026-02-26 15:04
    VLAI
    Title
    USD File Parsing Out-of-Bounds Write Vulnerability
    Summary
    A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk USD for Arnold Affected: 7.4.4.1 , < 7.4.4.2 (custom)
        cpe:2.3:a:autodesk:usd_for_arnold:arnold_usd_7.4.4.1:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk Arnold Affected: 7.4.4.1 , < 7.4.4.2 (custom)
        cpe:2.3:a:autodesk:arnold:7.4.4.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Autodesk 3ds Max Affected: 2026.2 , < 2026.3.2 (custom)
        cpe:2.3:a:autodesk:3ds_max:2026.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0659",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-06T04:55:25.642059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:20.838Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:usd_for_arnold:arnold_usd_7.4.4.1:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "USD for Arnold",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "7.4.4.2",
                  "status": "affected",
                  "version": "7.4.4.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:arnold:7.4.4.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Arnold",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "7.4.4.2",
                  "status": "affected",
                  "version": "7.4.4.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:autodesk:3ds_max:2026.2:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "3ds Max",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2026.3.2",
                  "status": "affected",
                  "version": "2026.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-04T16:01:27.307Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/Autodesk/arnold-usd"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0003"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "USD File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0659",
        "datePublished": "2026-02-04T16:01:27.307Z",
        "dateReserved": "2026-01-06T19:58:21.363Z",
        "dateUpdated": "2026-02-26T15:04:20.838Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0535 (GCVE-0-2026-0535)

    Vulnerability from cvelistv5 – Published: 2026-01-22 16:59 – Updated: 2026-06-03 13:30
    VLAI
    Title
    Stored XSS in Electronic Library Component Description
    Summary
    A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2603.0 , < 2606.1.21 (custom)
        cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0535",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T04:55:28.433748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:31.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2606.1.21",
                  "status": "affected",
                  "version": "2603.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload, stored in a component\u2019s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted HTML payload, stored in a component\u2019s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:30:24.931Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in Electronic Library Component Description",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0535",
        "datePublished": "2026-01-22T16:59:34.236Z",
        "dateReserved": "2025-12-19T18:57:21.548Z",
        "dateUpdated": "2026-06-03T13:30:24.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0534 (GCVE-0-2026-0534)

    Vulnerability from cvelistv5 – Published: 2026-01-22 16:59 – Updated: 2026-06-03 13:29
    VLAI
    Title
    Stored XSS in the value of a part attribute
    Summary
    A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2603.0 , < 2606.1.21 (custom)
        cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0534",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T04:55:29.518153Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:31.522Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2606.1.21",
                  "status": "affected",
                  "version": "2603.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload, stored in a part\u2019s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted HTML payload, stored in a part\u2019s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:29:45.912Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in the value of a part attribute",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0534",
        "datePublished": "2026-01-22T16:59:01.906Z",
        "dateReserved": "2025-12-19T18:57:19.012Z",
        "dateUpdated": "2026-06-03T13:29:45.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0533 (GCVE-0-2026-0533)

    Vulnerability from cvelistv5 – Published: 2026-01-22 16:58 – Updated: 2026-06-03 13:27
    VLAI
    Title
    Stored XSS in Fusion desktop when attempting to delete a file
    Summary
    A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-Site Scripting (XSS) - Stored
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Fusion Affected: 2603.0 , < 2606.1.21 (custom)
        cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T04:55:30.529662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T14:44:31.809Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:fusion:2603.0:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Fusion",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "2606.1.21",
                  "status": "affected",
                  "version": "2603.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
                }
              ],
              "value": "A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS) - Stored",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T13:27:57.507Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored XSS in Fusion desktop when attempting to delete a file",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2026-0533",
        "datePublished": "2026-01-22T16:58:43.084Z",
        "dateReserved": "2025-12-19T18:57:06.177Z",
        "dateUpdated": "2026-06-03T13:27:57.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10900 (GCVE-0-2025-10900)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:45 – Updated: 2026-05-07 19:40
    VLAI
    Title
    MODEL File Parsing Out-of-Bounds Write Vulnerability
    Summary
    AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10900",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:23.119502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:35.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:40:50.876Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10900",
        "datePublished": "2025-12-15T23:45:26.861Z",
        "dateReserved": "2025-09-23T21:58:04.173Z",
        "dateUpdated": "2026-05-07T19:40:50.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10899 (GCVE-0-2025-10899)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:45 – Updated: 2026-05-07 19:40
    VLAI
    Title
    MODEL File Parsing Out-of-Bounds Write Vulnerability
    Summary
    AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:24.893624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:35.443Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:40:25.329Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10899",
        "datePublished": "2025-12-15T23:45:00.819Z",
        "dateReserved": "2025-09-23T21:58:02.191Z",
        "dateUpdated": "2026-05-07T19:40:25.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10898 (GCVE-0-2025-10898)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:44 – Updated: 2026-05-07 19:39
    VLAI
    Title
    MODEL File Parsing Out-of-Bounds Write Vulnerability
    Summary
    AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:26.594115Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:35.832Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:39:53.637Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10898",
        "datePublished": "2025-12-15T23:44:26.564Z",
        "dateReserved": "2025-09-23T21:58:00.616Z",
        "dateUpdated": "2026-05-07T19:39:53.637Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10889 (GCVE-0-2025-10889)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:43 – Updated: 2026-05-07 19:39
    VLAI
    Title
    CATPART File Parsing Memory Corruption Vulnerability
    Summary
    A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:28.285442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:35.988Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:39:29.209Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CATPART File Parsing Memory Corruption Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10889",
        "datePublished": "2025-12-15T23:43:57.696Z",
        "dateReserved": "2025-09-23T15:29:54.776Z",
        "dateUpdated": "2026-05-07T19:39:29.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10888 (GCVE-0-2025-10888)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:43 – Updated: 2026-05-07 19:39
    VLAI
    Title
    MODEL File Parsing Out-of-Bounds Write Vulnerability
    Summary
    AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10888",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:30.267396Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:36.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:39:03.711Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10888",
        "datePublished": "2025-12-15T23:43:22.374Z",
        "dateReserved": "2025-09-23T15:29:54.154Z",
        "dateUpdated": "2026-05-07T19:39:03.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10887 (GCVE-0-2025-10887)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:42 – Updated: 2026-05-07 19:38
    VLAI
    Title
    MODEL File Parsing Memory Corruption Vulnerability
    Summary
    A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10887",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:32.279387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:36.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:38:36.933Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Memory Corruption Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10887",
        "datePublished": "2025-12-15T23:42:44.395Z",
        "dateReserved": "2025-09-23T15:29:53.577Z",
        "dateUpdated": "2026-05-07T19:38:36.933Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10886 (GCVE-0-2025-10886)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:42 – Updated: 2026-05-07 19:38
    VLAI
    Title
    MODEL File Parsing Memory Corruption Vulnerability
    Summary
    A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10886",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:34.081764Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:36.698Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:38:13.076Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "MODEL File Parsing Memory Corruption Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10886",
        "datePublished": "2025-12-15T23:42:09.029Z",
        "dateReserved": "2025-09-23T15:29:52.987Z",
        "dateUpdated": "2026-05-07T19:38:13.076Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10884 (GCVE-0-2025-10884)

    Vulnerability from cvelistv5 – Published: 2025-12-15 23:41 – Updated: 2026-05-07 19:37
    VLAI
    Title
    CATPART File Parsing Out-of-Bounds Write Vulnerability
    Summary
    AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Autodesk Shared Components Affected: 1.8.0.7 , < 1.9.0.7 (custom)
        cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-17T04:55:36.076858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T16:07:37.072Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:autodesk:shared_components:1.8.0.7:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Shared Components",
              "vendor": "Autodesk",
              "versions": [
                {
                  "lessThan": "1.9.0.7",
                  "status": "affected",
                  "version": "1.8.0.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
                }
              ],
              "value": "AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-Bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:37:32.087Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.autodesk.com/products/autodesk-access/overview"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0024"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "CATPART File Parsing Out-of-Bounds Write Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2025-10884",
        "datePublished": "2025-12-15T23:41:34.185Z",
        "dateReserved": "2025-09-23T15:29:51.807Z",
        "dateUpdated": "2026-05-07T19:37:32.087Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }