HarborGuard Database
CRITICAL | CVE-2026-10789 | CNA: autodesk

CVE-2026-10789: MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

Metrics

  • CVSS v3.1: 9.6
  • Severity: CRITICAL
  • Fixed in: 2703.1.20
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A code injection vulnerability in the MCP extension for Autodesk Fusion Desktop allows a remote attacker to execute arbitrary code on a victim's machine by tricking the user into visiting a maliciously crafted webpage. The attack requires no authentication and reaches the target over the network, but the user must visit the attacker-controlled page while Autodesk Fusion is running with the MCP extension enabled. Successful exploitation gives the attacker full code execution under the privileges of the logged-in user, enabling data theft, file tampering, and further system compromise. A patched-image rebuild at version 2703.1.20 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Autodesk Fusion, in both registry scans and active pipeline checks.

Triage: Available

HarborGuard surfaces this CVE with its CVSS v3.1 score of 9.6 (Critical), weights it against each environment's compliance policy, then routes the finding to the appropriate team inbox within the customer organization.

Patch: Available

A patched-image rebuild pinned to Autodesk Fusion version 2703.1.20 is available on HarborGuard for any environment found to be running an affected version (2703.1.11 or later, but earlier than 2703.1.20). For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker delivers the malicious payload over the network by luring the victim to a remote webpage, so the target host must be able to reach, or browse to, content on the open internet.

  • Authentication: Not required

    No account, credential, or session token is required; any unauthenticated party who can serve a webpage to the victim can attempt the exploit.

  • Victim interaction: Required

    The victim must visit a maliciously crafted webpage in a browser session while Autodesk Fusion Desktop is running with the MCP extension enabled, making this a social-engineering-dependent attack.

  • Attack complexity: Low

    Attack complexity is Low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other unpredictable environmental factors.

Blast Radius

  • The attacker executes arbitrary code in the context of the logged-in user, gaining full control over any process that user can spawn.
  • Confidential files, credentials, and application data accessible to the current user account are exposed to exfiltration.
  • The attacker can write, modify, or delete files and persistent application state on the host, including project files managed by Autodesk Fusion.
  • Because the CVSS scope is Changed, the exploit can affect resources outside the Fusion process itself, such as other applications or OS-level configurations the user has access to.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-10789 is active across all connected registries and build pipelines, with the Critical severity rating (9.6) applied immediately on ingestion. For environments running Autodesk Fusion in a containerized or Electron-style desktop image at an affected version (2703.1.11 or later, but earlier than 2703.1.20), a rebuilt image at the fixed version 2703.1.20 is available. Where compliance policy permits auto-remediation, HarborGuard rebuilds the image, executes the configured regression test suite, and opens a pull request against affected workloads; in environments with that setting enabled, the median time from CVE publication to a merged patch PR for Critical-severity issues is around 90 minutes. For teams that have not yet enabled auto-remediation, the finding appears in the triage queue with full CVSS detail, affected image digests, and a direct link to the upstream Autodesk advisory to support manual review.

Affected packages

  • Autodesk / Fusion: < 2703.1.20 (from 2703.1.11)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H