Autodesk CVEs & Vulnerabilities

8 CVEs affecting Autodesk products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

3ds max 12autocad mechanical 2autocad electrical 2infraworks 2advance steel 2revit 2revit lt 2civil 3d 2
CVE-2026-10789CRITICAL

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

22 Jun 2026
9.6
CVSS
CVE-2026-7454HIGH

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

26 May 2026
7.8
CVSS
CVE-2026-7453MEDIUM

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.

26 May 2026
5.5
CVSS
CVE-2026-7452HIGH

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

26 May 2026
7.8
CVSS
CVE-2026-7451HIGH

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

26 May 2026
7.8
CVSS
CVE-2026-7450MEDIUM

A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition.

26 May 2026
5.5
CVSS
CVE-2026-0875HIGH

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

18 Feb 2026
7.8
CVSS
CVE-2026-0874HIGH

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

18 Feb 2026
7.8
CVSS
← PrevPage 1 / 1Next →