A critical unauthenticated remote code execution vulnerability (CVE-2026-22679, CVSS 9.8) in Weaver E-cology stems from an exposed debug API endpoint that passes unvalidated user input to backend RPC functionality, allowing attackers to execute system commands. Affected versions are Weaver E-cology prior to version 20260312. The only recommended mitigation is to upgrade to the fixed version, 20260312.
Vulnerability Management , Patch/Configuration Management Hackers exploit critical Weaver E-cology vulnerability May 5, 2026 Share By SC Staff Per Bleeping Computer, hackers have been actively exploiting a critical vulnerability, identified as CVE-2026-22679, in the Weaver E-cology office automation platform since mid-March. This exploitation began just five days after the software vendor released a patch for the issue and two weeks before its public disclosure. Threat intelligence company Vega documented the attacks, which targeted organizations primarily in China that use Weaver E-cology for workflows, document management, and internal business processes. The critical unauthenticated remote code execution flaw stems from an exposed debug API endpoint that allows unvalidated, user-supplied parameters to reach backend Remote Procedure Call (RPC) functionality. Attackers used this to execute system commands, initially attempting discovery commands via ping and PowerShell downloads, which were blocked. They then tried to deploy an MSI installer, which also failed. Subsequently, they reverted to using obfuscated, fileless PowerShell scripts fetched remotely, executing reconnaissance commands like whoami and ipconfig. Despite having remote code execution capabilities, the attackers did not establish persistent sessions. Users of Weaver E-cology 10.0 are strongly advised to apply the security updates provided by the vendor, as upgrading is the only recommended mitigation. Source: Bleeping Computer SC Staff Related Vulnerability Management Critical 9.8 Weaver E-cology vulnerability actively exploited Steve Zurier May 5, 2026 Critical Weaver E-cology bug exploited for RCE, exposing core enterprise workflows and secrets. AI/ML NCSC warns AI accelerates vulnerability discovery, prompting urgent patch wave SC Staff May 5, 2026 The NCSC highlights that skilled attackers leveraging AI can identify software weaknesses at an unprecedented pace. Vulnerability Management Progress Software warns of critical MOVEit Automation vulnerability SC Staff May 5, 2026 The vulnerability, tracked as CVE-2026-4670, affects multiple versions of MOVEit Automation. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds