PatchSiren

CursorTouch CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH CursorTouch CVE published 2026-06-17

CVE-2026-48989

CVE-2026-48989 is a high-severity vulnerability in Windows-MCP, an open-source project integrating AI agents with Windows. Versions prior to 0.7.5 exposed the MCP control plane without authentication, enabling wildcard CORS. This allowed attackers to execute arbitrary PowerShell commands as the Windows user running Windows-MCP. The issue was fixed in version 0.7.5. Affected users should update to the late [truncated]