4 matches found
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
A critical security vulnerability in Weaver Fanwei E-cology, an enterprise office automation OA and collaboration platform, has come under active exploitation in the wild. The vulnerability CVE-2026-22679 , CVSS score: 9.8 relates to a case of unauthenticated remote code execution affecting Weave...
CVE-2026-22679 Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...
CVE-2026-22679
Weaver E-cology 10.0 (prior to build 20260312) is affected by CVE-2026-22679. The flaw is an unauthenticated RCE exposed at /papi/esearch/data/devops/dubboApi/debug/method, where attacker-controlled interfaceName and methodName parameters trigger command-execution via the Dubbo RPC layer. Exploit...
VulnCheck KEV: CVE-2026-22679
Weaver Fanwei E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft PO...