External risk intelligence

Autodesk Fusion MCP Extension Arbitrary Code Execution Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.6)

CVE-2026-10789

The vulnerability requires a user to actively visit a maliciously crafted webpage while using Autodesk Fusion Desktop with a specific extension enabled. It is a client-side execution scenario tied to user interaction within a desktop application, not a public-facing service, appliance, or network-accessible endpoint.

Code Injection

Autodesk Fusion

before 2703.1.20

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability exists in Autodesk Fusion Desktop's MCP extension that could allow malicious code execution if a user visits a compromised webpage. This exploit targets the privileges of the current user, emphasizing the need to confirm if this specific technology and user interaction scenario is relevant to your environment.

  • Malicious websites can run code on user's computers.
  • Affects Fusion Desktop users with a specific extension.
  • Confirm relevance and potential exposure to this risk.

Attack Path

How an attacker could exploit the issue

An attacker could create a malicious webpage that, when visited by a user, exploits a vulnerability in the MCP extension within Autodesk Fusion Desktop. This could lead to arbitrary code execution on the user's machine with their current privileges.

  • Requires visiting a malicious webpage.
  • Triggers vulnerability in the MCP extension.
  • Risk of arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

When a user visits a malicious webpage while Autodesk Fusion Desktop with the MCP extension is running, arbitrary code could be executed with the user's privileges. This vulnerability impacts the desktop application and relies on user interaction.

  • Arbitrary code execution.
  • Malicious webpage visit.
  • User's system compromised.

Operational Fix

Recommended remediation, mitigation, and detection steps

Given the client-side nature of this vulnerability, which requires user interaction with a malicious webpage while running Autodesk Fusion Desktop with the MCP extension enabled, the primary responsibility likely falls to teams managing end-user computing environments and application support. The initial practical move is to identify where Fusion Desktop is deployed, assess the business criticality and reachability of affected instances, and then confirm the accountable owner for user-facing applications and their extensions.

  • Application owners are responsible.
  • Verify Fusion Desktop and MCP extension presence.
  • Plan remediation based on user risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Autodesk Fusion Desktop and the MCP extension?

Autodesk Fusion is a professional cloud-based platform used for 3D design, engineering, and manufacturing. The MCP extension is a specific component integrated into the desktop application, often responsible for facilitating communication or streaming services between the local software and cloud-based tasks.

What does CVE-2026-10789 mean for my security?

This vulnerability falls under the class of Improper Control of Generation of Code (CWE-94). In plain terms, the MCP extension fails to safely handle certain web interactions. If a user navigates to a harmful site, the extension can be tricked into executing unauthorized code directly on the local computer, effectively adopting the permissions of the logged-in user.

How is this vulnerability triggered?

An attacker triggers this by enticing a user to visit a specially crafted webpage while the Fusion Desktop application is active. It is important to note that simply having the software installed is not enough to cause an issue; the vulnerability is not triggered by background processes or automated network connections, but rather requires the specific action of visiting a malicious site while the extension is running.

Is my environment at risk according to Halo Surface Signal?

Halo Surface Signal assesses this risk as very unlikely because it is a client-side execution scenario. Unlike a vulnerability in a public-facing server or network appliance, this bug requires active, manual user interaction. It is not an endpoint that can be scanned or probed remotely by attackers across the internet; the threat depends entirely on the user's browsing behavior.

What should I do if I use Autodesk Fusion?

First, identify which workstations have Fusion Desktop and the MCP extension installed. Since this is a client-side issue, coordinate with the teams that manage your organization's end-user computers. Verify your current software version and monitor official Autodesk security channels for available updates or guidance on disabling the MCP extension if necessary.

References