Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

2026-05-05

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A critical unauthenticated remote code execution vulnerability in Weaver E-cology enterprise platform (CVE-2026-22679, CVSS 9.8) has been actively exploited since March 17, 2026.

•The flaw resides in the /papi/esearch/data/devops/dubboApi/debug/method endpoint affecting versions prior to 20260312
•Attackers craft POST requests with attacker-controlled interfaceName and methodName parameters to execute arbitrary commands
•Active exploitation shows RCE verification, failed payload drops, MSI implant attempts using "fanwei0324.msi," and PowerShell payload retrieval attempts
•Attackers executed discovery commands including whoami, ipconfig, and tasklist throughout the campaign
•Security researchers released Python-based detection scripts to identify vulnerable instances

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Mitigate credential exposure in Windows environments with Boundary and Vault

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)