Lucene search
K

4 matches found

The Hacker News
The Hacker News
added 2026/05/05 7:37 a.m.14 views

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver Fanwei E-cology, an enterprise office automation OA and collaboration platform, has come under active exploitation in the wild. The vulnerability CVE-2026-22679 , CVSS score: 9.8 relates to a case of unauthenticated remote code execution affecting Weave...

9.8CVSS6.8AI score0.2148EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/04/07 12:51 p.m.4 views

CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

9.8CVSS6.7AI score0.2148EPSS
Exploits1References4
CVE
CVE
added 2026/04/07 12:51 p.m.29 views

CVE-2026-22679

Weaver E-cology 10.0 (prior to build 20260312) is affected by CVE-2026-22679. The flaw is an unauthenticated RCE exposed at /papi/esearch/data/devops/dubboApi/debug/method, where attacker-controlled interfaceName and methodName parameters trigger command-execution via the Dubbo RPC layer. Exploit...

9.8CVSS6.7AI score0.2148EPSS
In wildExploits1References5Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/04/07 12:0 a.m.28 views

VulnCheck KEV: CVE-2026-22679

Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...

9.8CVSS6.7AI score0.2148EPSS
In wildExploits1References2
Rows per page
Query Builder