Remote Code Execution Vulnerability in Kong Konnect Model Context Protocol Server
CVE-2026-13341

7.4 HIGH

Key Information:

Vendor: Konghq

CVE Published: 3 July 2026

What is CVE-2026-13341?

A vulnerability has been identified in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0. The flaw allows remote attackers to carry out indirect prompt injection attacks that lead to unintended API requests. As a result, unauthorized commands could be executed, posing significant security risks. Users should update to the latest version to mitigate this vulnerability and protect their systems.

Affected Version(s)

mcp-konnect 0 < 1.0.0

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eli Ainhorn (https://www.linkedin.com/in/eli-ainhorn/), Noma Security (https://noma.security)