CVE-2026-10789 – Autodesk Fusion
CVSS 9.6
CRITICAL
Critical or Zero Day – Immediate Deployment
“A trusted desktop application should never become a bridge for malicious websites.”
This security update addresses CVE-2026-10789, a critical vulnerability affecting Autodesk Fusion. A maliciously crafted webpage visited while Autodesk Fusion Desktop is running with the MCP extension enabled can trigger arbitrary code execution. Successful exploitation allows code to run with the privileges of the current user. The CVSS score is 9.6, which is Critical severity.
The update strengthens the security of the MCP extension to prevent malicious webpages from triggering arbitrary code execution. There is no verified evidence of active real-world exploitation or a public proof-of-concept for this vulnerability.
Key Details
- Affected Product
- Autodesk Fusion
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-94
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.