Skip to main content

Autodesk Fusion EUVDEUVD-2026-38328

| CVE-2026-10789 CRITICAL
Code Injection (CWE-94)
2026-06-22 autodesk GHSA-fp83-vjxr-x824
9.6
CVSS 3.1 · Vendor: autodesk
Share

Severity by source

Vendor (autodesk) PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI
9.6 CRITICAL

Browser-delivered payload reaches a local MCP listener (AV:N, UI:R), no auth needed (PR:N), and code execution crosses from web to desktop context yielding full user-level CIA impact with scope change.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (autodesk).

CVSS VectorVendor: autodesk

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 22, 2026 - 17:52 vuln.today

DescriptionCVE.org

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current user.

AnalysisAI

Remote code execution in Autodesk Fusion Desktop's MCP (Model Context Protocol) extension allows attackers to execute arbitrary code with current user privileges when a victim visits a malicious webpage while Fusion is running with the MCP extension enabled. The flaw is rated CVSS 9.6 (Critical) due to its network-reachable nature and scope change, though successful exploitation requires user interaction (visiting a crafted page) and the non-default MCP extension being enabled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Fusion user with MCP enabled
Delivery
Send phishing link to malicious page
Exploit
Victim visits page while Fusion runs
Execution
Browser triggers MCP extension code injection
Persist
Arbitrary code executes as current user
Impact
Exfiltrate CAD IP or stage follow-on payload

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the victim must have Autodesk Fusion Desktop actively running, (2) the MCP extension feature must be enabled within Fusion (a non-default integration mode), and (3) the victim must visit an attacker-controlled webpage in any browser on the same host (user interaction per CVSS UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H signals a critical-severity remote code execution requiring only user interaction and producing a scope change (the browser/web context crossing into a local desktop application), which is consistent with the described browser-to-desktop attack pattern. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker hosts a malicious webpage and lures a Fusion user (e.g., via spear-phishing, watering-hole, or malvertising) to visit it while Fusion is running with the MCP extension enabled. The page sends crafted content to the locally-listening MCP endpoint, triggering the code injection flaw and executing attacker-supplied code under the user's account - enabling further actions such as IP theft of CAD designs, credential harvesting, or staging follow-on malware. …
Remediation Apply the patched Autodesk Fusion client by downloading the latest installer from https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.exe (Windows) or https://dl.appstreaming.autodesk.com/production/installers/Fusion%20Client%20Downloader.dmg (macOS), and consult the advisory at https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0008 for exact fixed version numbers (patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit users with MCP extension enabled in Fusion Desktop; disable the extension if not actively required. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Fusion

View all
CVE-2017-5753 MEDIUM POC
5.6 Jan 04

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of

CVE-2016-5330 HIGH POC
7.8 Aug 08

Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 t

CVE-2025-22226 HIGH
7.1 Mar 04

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi

CVE-2017-4901 CRITICAL POC
9.9 Jun 08

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 ha

CVE-2020-3950 HIGH POC
7.8 Mar 17

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for

CVE-2017-4924 HIGH POC
8.8 Sep 15

VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8

CVE-2013-1406 HIGH POC
7.2 Feb 11

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and

CVE-2015-2194 MEDIUM POC
6.5 Mar 03

Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordp

CVE-2012-1666 MEDIUM POC
6.9 Sep 08

Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMwa

CVE-2017-4933 HIGH
8.8 Dec 20

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a

CVE-2017-4905 MEDIUM POC
5.5 Jun 07

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi

CVE-2017-4941 HIGH
8.8 Dec 20

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8

Share

EUVD-2026-38328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy