PT-2026-51360 · Autodesk · Fusion

Published

2026-06-22

Updated

2026-06-22

CVE-2026-10789

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2026-10789

Affected Products

Fusion

PT-2026-51360 · Autodesk · Fusion

CVE-2026-10789

Weakness Enumeration

Related Identifiers

Affected Products

References · 4