Active Exploitation of Weaver E-cology RCE Vulnerability CVE-2026-22679

Severity: High (Score: 72.9)

Sources: Cybersecuritynews, Bleepingcomputer

Summary

A critical vulnerability (CVE-2026-22679) in the Weaver E-cology platform is being actively exploited. This unauthenticated remote code execution flaw affects Weaver E-cology 10.0 builds released before March 12, 2026. The vulnerability stems from an exposed debug API endpoint that allows attackers to execute arbitrary commands without authentication. Attacks began in mid-March 2026, shortly after a security update was released, and researchers observed multiple phases of exploitation, including attempts to deploy malicious payloads. Despite the attackers' efforts, endpoint defenses blocked most of their activities, and no persistent sessions were established. Users are urged to apply the latest security updates to mitigate the risk. The CVSS score for this vulnerability is 9.8, indicating its critical nature. The vendor's fix removes the debug endpoint entirely, making immediate updates essential for affected organizations. Key Points: • CVE-2026-22679 is a critical RCE vulnerability with a CVSS score of 9.8. • Active exploitation began in mid-March 2026, shortly after a security update was released. • Users of Weaver E-cology 10.0 are advised to upgrade to the latest version to mitigate risks.

Key Entities

• Zero-day Exploit (attack_type)
• Weaver E-cology (company)
• CVE-2026-22679 (cve)
• CWE-287 - Improper Authentication (cwe)
• CWE-78 - OS Command Injection (cwe)
• T1027 - Obfuscated Files Or Information (mitre_attack)
• T1057 - Process Discovery (mitre_attack)
• T1059.001 - PowerShell (mitre_attack)
• T1082 - System Information Discovery (mitre_attack)
• T1105 - Ingress Tool Transfer (mitre_attack)
• Java (platform)
• Goby (tool)
• PowerShell (tool)