CVE-2026-10789
Awaiting Analysis
Arbitrary Code Execution in Autodesk Fusion MCP Extension

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: Autodesk

Description
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
Meta Information
Published: 2026-06-22
Last Modified: 2026-06-22
Generated: 2026-06-23
AI Q&A: 2026-06-22
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
autodesk | fusion_desktop | *
autodesk | mcp_extension | *
CWE ID | Description
CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Executive Summary

This vulnerability occurs when a user visits a maliciously crafted webpage while running Autodesk Fusion Desktop with the MCP extension enabled. The MCP extension has a flaw that can be triggered by such a webpage, potentially allowing arbitrary code execution.

If exploited successfully, the attacker can execute code with the same privileges as the current user, which means they can perform any action that the user is permitted to do on the system.

Impact Analysis

The impact of this vulnerability is severe because it allows an attacker to run arbitrary code on your system with your user privileges.

  • Potential unauthorized access to your files and data.
  • Installation of malware or other malicious software.
  • Compromise of system integrity and confidentiality.
  • Possible disruption of your normal operations or data loss.

Compliance Impact

This vulnerability allows arbitrary code execution with the privileges of the current user, which could lead to unauthorized access, data breaches, or manipulation of sensitive information.

Such security risks can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Organizations using Autodesk Fusion Desktop with the MCP extension enabled should consider this vulnerability when assessing their security posture and compliance obligations.
