Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Browser-delivered payload reaches a local MCP listener (AV:N, UI:R), no auth needed (PR:N), and code execution crosses from web to desktop context yielding full user-level CIA impact with scope change.
Primary rating from Vendor (autodesk).
CVSS VectorVendor: autodesk
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.
AnalysisAI
Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: (1) the victim must have Autodesk Fusion Desktop actively running, (2) the MCP extension feature must be enabled within Fusion (a non-default integration mode), and (3) the victim must visit an attacker-controlled webpage in any browser on the same host (user interaction per CVSS UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H signals a critical-severity remote code execution requiring only user interaction and producing a scope change (the browser/web context crossing into a local desktop application), which is consistent with the described browser-to-desktop attack pattern. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a malicious webpage and lures a Fusion user (e.g., via spear-phishing, watering-hole, or malvertising) to visit it while Fusion is running with the MCP extension enabled. The page sends crafted content to the locally-listening MCP endpoint, triggering the code injection flaw and executing attacker-supplied code under the user's account - enabling further actions such as IP theft of CAD designs, credential harvesting, or staging follow-on malware. … |
| Remediation | Apply the patched Autodesk Fusion client by downloading the latest installer from https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe (Windows) or https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg (macOS), and consult the advisory at https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008 for exact fixed version numbers (patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit users with MCP extension enabled in Fusion Desktop; disable the extension if not actively required. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 ha
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and
Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordp
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMwa
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38328
GHSA-fp83-vjxr-x824