Weaver E-cology critical bug exploited in attacks since March
Summary
Hackers are actively exploiting a critical vulnerability in the Weaver E-cology office automation software. This flaw, identified as CVE-2026-22679, allows attackers to execute discovery commands on compromised systems. The exploitation has been ongoing since mid-March.
IFF Assessment
The exploitation of a critical vulnerability by hackers is bad news for defenders as it enables unauthorized access and control.
Severity
This is a critical vulnerability that allows for remote code execution and discovery commands with minimal user interaction, suggesting a high attack vector and significant impact.
Defender Context
Defenders should prioritize patching the Weaver E-cology software immediately to mitigate the risk of this critical vulnerability. Monitoring network traffic for signs of discovery commands or unauthorized execution related to this vulnerability is crucial. This highlights the ongoing threat of exploiting widely used office automation tools.