CVE-2026-48989P2HIGHCVSS 8.9fixed in 0.7.52026-06-17
CVE-2026-48989 [HIGH] CWE-306 CVE-2026-48989: Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0
Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcard CORS (allow_origins=*, allow_methods=*, allow_headers=*). Because the same server also exposed a PowerShell tool that executes caller-controlled comman
cvelistv5nvd