These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-10789 is a critical vulnerability in Autodesk Fusion Desktop's MCP extension. A maliciously crafted webpage can trigger this vulnerability, potentially allowing arbitrary code execution with the privileges of the current user. The vulnerability has a CVSS score of 9.6 and is considered critical. Autodesk has released a security advisory (ADSK-SA-2026-0008) and patches to address this issue. Users [truncated]
CVE-2026-1288 is a medium-severity vulnerability in Autodesk Revit that can cause a denial-of-service condition. A maliciously crafted RFA file can force a NULL Pointer Dereference vulnerability when converted to FormIt via 'Convert RFA to FormIt'. Successful exploitation may cause the application to crash. This vulnerability has a CVSS score of 5.5 and is considered a medium-severity issue. The CVE was p [truncated]
A memory corruption vulnerability exists in Autodesk 3ds Max when parsing maliciously crafted WRL (VRML) files. The flaw, published 2026-05-26, allows arbitrary code execution in the context of the current process with a CVSS 3.1 score of 7.8 (HIGH). The vulnerability is triggered through user interaction—specifically, opening a malicious WRL file—and requires local access with no privileges. Affected ver [truncated]
A stack exhaustion vulnerability exists in Autodesk 3ds Max when parsing maliciously crafted WRL (VRML) files. The flaw, classified as CWE-674 (Uncontrolled Recursion), can trigger a denial-of-service condition through local attack vectors. The vulnerability affects 3ds Max versions 2026 and 2027. Autodesk has published security advisory ADSK-SA-2026-0006 addressing this issue. The CVSS 3.1 vector (AV:L/A [truncated]
A memory corruption vulnerability exists in Autodesk 3ds Max when parsing maliciously crafted WRL (VRML) files. The flaw, published 2026-05-26, allows arbitrary code execution in the context of the current process through local attack vectors requiring user interaction. The vulnerability affects 3ds Max versions 2026 and 2027. Autodesk has issued security advisory ADSK-SA-2026-0006 addressing this issue. [truncated]
A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
A NULL pointer dereference vulnerability exists in Autodesk 3ds Max when parsing maliciously crafted PAR files. Successful exploitation causes application crash and denial-of-service. The vulnerability is rated MEDIUM severity (CVSS 5.3) and affects 3ds Max versions 2026 and 2027. The issue was disclosed by Autodesk's PSIRT on May 26, 2026, with official vendor advisory ADSK-SA-2026-0006 published the sam [truncated]
CVE-2016-9307 covers multiple buffer overflows in Autodesk FBX-SDK before 2017.1. According to the NVD record, malformed 3DS format files can trigger arbitrary code execution when the SDK reads or converts them, and NVD rates the issue as critical (CVSS 9.8).
CVE-2016-9306 is a critical memory-corruption issue in Autodesk FBX SDK before 2017.1. According to NVD, multiple buffer overflows can be triggered when the SDK reads or converts malformed DAE format files, creating a path to arbitrary code execution. The published CVSS vector is network-reachable with no privileges or user interaction required, and impact is rated high for confidentiality, integrity, and [truncated]
CVE-2016-9305 is a critical vulnerability in Autodesk FBX-SDK versions before 2017.1. According to the NVD record and Autodesk advisory reference, malformed FBX files can trigger improper handling of type mismatches and previously deleted objects, which may expose uninitialized pointers. The NVD classifies the issue as high-severity network-reachable exposure with no privileges or user interaction require [truncated]
CVE-2016-9304 was publicly disclosed on 2017-01-25. The supplied NVD record describes multiple buffer overflows in Autodesk FBX-SDK versions through 2017.0, with a potential outcome of arbitrary code execution when processing malformed DFX format files. NVD rates the issue CVSS 3.0 8.8 High with network attack characteristics, no privileges required, and user interaction required, indicating a serious ris [truncated]
CVE-2016-9303 is a critical memory-corruption issue in Autodesk FBX-SDK before 2017.1. According to the CVE/NVD record, malformed FBX format files can trigger multiple buffer overflows during reading or conversion, which may lead to arbitrary code execution or an infinite-loop condition.
