Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Summary
A critical remote code execution vulnerability, CVE-2026-22679, has been discovered in Weaver E-cology, an enterprise office automation platform. The flaw, affecting versions prior to 20260312, has a high CVSS score of 9.8 and is reportedly being actively exploited in the wild.
IFF Assessment
This article describes a critical vulnerability that is actively being exploited, posing a significant threat to organizations using the affected software.
Severity
The CVSS score of 9.8 indicates a critical severity, likely due to a high attack vector (remote, unauthenticated), high complexity, and significant impact on confidentiality, integrity, and availability.
Defender Context
Defenders should prioritize patching Weaver E-cology instances immediately, as this RCE vulnerability is already being actively exploited. Monitoring network traffic for indicators of compromise related to the debug API and the specified exploit path is crucial to detect ongoing or attempted attacks.