CVE-2026-48989
HighCVSS 8.9Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
In versions prior to 0.7.5 of the Windows-MCP project, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS. This allowed attackers to remotely execute PowerShell commands as the Windows user.
Risk Assessment
The organization may be exposed to unauthorized PowerShell command execution, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to upgrade to version 0.7.5 or later to secure the MCP control plane and restrict access to trusted origins.
Original NVD description (English source)
Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins=*, allow_methods=*, allow_headers=*). Because the same server also exposed a PowerShell tool that executes caller-controlled commands as the Windows user running Windows-MCP, attackers could reach the control plane from arbitrary origins or non-browser clients and achieve arbitrary PowerShell execution. This issue was fixed in version 0.7.5.

