Critical RCE in Weaver E‑cology (CVE‑2026‑22679) Actively Exploited via Debug API

Colleagues, please note: active exploitation of a critical RCE in Weaver E‑cology (CVE‑2026‑22679) has been observed.
- The vulnerability (CVSS 9.8) permits unauthenticated code execution via /papi/esearch/data/devops/dubboApi/debug/method by manipulating the interfaceName and methodName parameters.
- Shadowserver recorded exploitation from 31 Mar 2026; QiAnXin reproduced it on 17 Mar; Vega Research Team described a campaign delivering an MSI (fanwei0324.msi), executing discovery commands and fetching PowerShell payloads.
- Kerem Oruc published a Python script to locate vulnerable instances.
Why it matters: unauthenticated RCE provides direct infrastructure access and requires immediate patching.
Have you applied the patch in your environments?
#cybersecurity #vulnerabilities #Weaver #RCE
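
To check whether the endpoint named above has been requested on your own servers, here is an added example (not from the original post or from the researchers it cites): a Python scan of web access logs in combined log format. The log lines are constructed, and it assumes the proxy or web server logs the full request path; parameters sent in a request body never appear in access logs, so any hit on the path merits review.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter names as given in the post; path compared lower-cased.
DEBUG_PATH = "/papi/esearch/data/devops/dubboapi/debug/method"
PARAMS = ("interfaceName", "methodName")

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_path(path):
    """Percent-decode, drop empty segments and ;path-params, lower-case."""
    segments = [s.split(";", 1)[0] for s in unquote(path).split("/") if s]
    return "/" + "/".join(segments).lower()

def find_debug_api_hits(lines):
    """Return one dict per logged request to the debug endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path, _, query = m["target"].partition("?")
        if normalize_path(path) != DEBUG_PATH:
            continue
        hits.append({
            "ip": m["ip"], "time": m["time"], "method": m["method"],
            "status": int(m["status"]),
            # False does not clear the request: the body is never logged.
            "params_in_query": all(p in parse_qs(query) for p in PARAMS),
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2026:10:02:11 +0000] "POST /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Apr/2026:10:05:40 +0000] "GET /papi//esearch/data/devops/dubboApi/debug/%6dethod?interfaceName=X&methodName=Y HTTP/1.1" 500 0 "-" "-"',
    '192.0.2.4 - - [01/Apr/2026:10:06:00 +0000] "GET /login.jsp HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_debug_api_hits(SAMPLE_LOG):
        print(hit)
```

Run it over logs from the reverse proxy or load balancer in front of E-cology as well as the application server, since either may be the only place the request was recorded.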

