Remote Code Execution Vulnerability in Kong Konnect Model Context Protocol Server
CVE-2026-13341
7.4 HIGH
What is CVE-2026-13341?
A vulnerability has been identified in the Kong Konnect Model Context Protocol (MCP) server in versions prior to 1.0.0. The flaw allows remote attackers to carry out indirect prompt injection attacks that lead to unintended API requests. As a result, unauthorized commands could be executed, posing significant security risks. Users should update to the latest version to mitigate this vulnerability and protect their systems.
Affected Version(s)
mcp-konnect: versions from 0 up to, but not including, 1.0.0
CVSS V3.1
Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Eli Ainhorn (https://www.linkedin.com/in/eli-ainhorn/), Noma Security (https://noma.security)
