CVE Catalog

CVE-2026-10789

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution.

Risk Assessment

A successful exploit may allow code to execute with the privileges of the current user, posing a significant security risk.

Recommendation

It is recommended to disable the MCP extension or update the software to the latest version to mitigate the risk of this vulnerability.

Original NVD description (English source)

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS