Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-10789
PUBLISHED
More InfoOfficial Page
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
View Known Exploited Vulnerability (KEV) details
Published At-22 Jun, 2026 | 17:15
Updated At-23 Jun, 2026 | 03:56
Rejected At-
▼CVE Numbering Authority (CNA)
MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

Affected Products
Vendor
Autodesk Inc.Autodesk
Product
Fusion
CPEs
  • cpe:2.3:a:autodesk:fusion:2703.1.11:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 2703.1.11 before 2703.1.20 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-94CWE-94 Improper Control of Generation of Code ('Code Injection')
Type: CWE
CWE ID: CWE-94
Description: CWE-94 Improper Control of Generation of Code ('Code Injection')
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-242CAPEC-242 Code Injection
CAPEC ID: CAPEC-242
Description: CAPEC-242 Code Injection
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008
vendor-advisory
https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe
patch
https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg
patch
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008
Resource:
vendor-advisory
Hyperlink: https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe
Resource:
patch
Hyperlink: https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found