CVE-2026-10789 – Autodesk Fusion

CVSS 9.6 CRITICAL Critical or Zero Day – Immediate Deployment

“A trusted desktop application should never become a bridge for malicious websites.”

This security update addresses CVE-2026-10789, a critical vulnerability affecting Autodesk Fusion. A maliciously crafted webpage visited while Autodesk Fusion Desktop is running with the MCP extension enabled can trigger arbitrary code execution. Successful exploitation allows code to run with the privileges of the current user. The CVSS score is 9.6, which is Critical severity.

The update strengthens the security of the MCP extension to prevent malicious webpages from triggering arbitrary code execution. There is no verified evidence of active real-world exploitation or a public proof-of-concept for this vulnerability.

Key Details

Affected Product
Autodesk Fusion
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-94
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.