CVE Catalog

CVE-2026-48989

HighCVSS 8.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

31th percentile — higher than 31% of all known CVEs

Summary

In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.

Risk Assessment

The organization may be exposed to unauthorized PowerShell command execution, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to upgrade to version 0.7.5 or later to secure the MCP control plane and restrict access to trusted origins.

Original NVD description (English source)

Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins=*, allow_methods=*, allow_headers=*). Because the same server also exposed a PowerShell tool that executes caller-controlled commands as the Windows user running Windows-MCP, attackers could reach the control plane from arbitrary origins or non-browser clients and achieve arbitrary PowerShell execution. This issue was fixed in version 0.7.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS