PatchSiren cyber security CVE debrief
CVE-2026-48989 CursorTouch CVE debrief
CVE-2026-48989 is a high-severity vulnerability in Windows-MCP, an open-source project integrating AI agents with Windows. Versions prior to 0.7.5 exposed the MCP control plane without authentication, enabling wildcard CORS. This allowed attackers to execute arbitrary PowerShell commands as the Windows user running Windows-MCP. The issue was fixed in version 0.7.5. Affected users should update to the latest version to prevent potential attacks. The vulnerability exists due to insecure HTTP modes, and security teams should review their inventory of affected systems and prioritize patching.
- Vendor
- CursorTouch
- Product
- Windows-MCP
- CVSS
- HIGH 8.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-23
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-23
Who should care
Users of Windows-MCP versions prior to 0.7.5 should update to the latest version to prevent potential attacks. Security teams should review their inventory of affected systems and prioritize patching. Affected operators and platforms should take immediate action to mitigate the vulnerability. Vulnerability management and security teams should monitor for suspicious activity and track exceptions.
Technical summary
The vulnerability exists in Windows-MCP, an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication, allowing wildcard CORS. This enabled attackers to reach the control plane from arbitrary origins or non-browser clients and achieve arbitrary PowerShell execution. The issue was addressed in version 0.7.5. The vulnerability has a CVSS score of 8.9 and is classified as HIGH.
Defensive priority
Highest priority should be given to patching affected systems, as the vulnerability allows for arbitrary PowerShell execution. Security teams should review compensating controls for exposed systems while remediation is scheduled and verified. Monitoring and detection capabilities should be reviewed to ensure they can detect potential exploitation attempts. Asset inventory and rollback/change windows should also be reviewed to ensure affected systems are properly managed.
Recommended defensive actions
- Update Windows-MCP to version 0.7.5 or later
- Review inventory of affected systems
- Prioritize patching
- Monitor for suspicious activity
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-17T22:16:23.040Z and has been modified since then. The NVD entry is currently Awaiting Analysis. The vulnerability has a CVSS score of 8.9 and is classified as HIGH. Evidence is limited, and defenders should verify the affected scope and vendor guidance. The Windows-MCP project integrates AI agents with Windows, and versions prior to 0.7.5 are affected.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T22:16:23.040Z and has been modified since then. The NVD entry is currently Awaiting Analysis.