CVE-2026-10789
CriticalCVSS 9.6Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution.
Risk Assessment
A successful exploit may allow code to execute with the privileges of the current user, posing a significant security risk.
Recommendation
It is recommended to disable the MCP extension or update the software to the latest version to mitigate the risk of this vulnerability.
Original NVD description (English source)
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

