HIGH
CursorTouch
CVE published 2026-06-17
CVE-2026-48989
CVE-2026-48989 is a high-severity vulnerability in Windows-MCP, an open-source project integrating AI agents with Windows. Versions prior to 0.7.5 exposed the MCP control plane without authentication, enabling wildcard CORS. This allowed attackers to execute arbitrary PowerShell commands as the Windows user running Windows-MCP. The issue was fixed in version 0.7.5. Affected users should update to the late [truncated]