CVE-2026-22679

CRITICAL EXPLOITED

Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint

Title source: cna

Exploitation Summary

CVE-2026-22679 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including keraattin.

AI-analyzed exploit summary The repository contains a Python script that detects the presence of CVE-2026-22679 in Weaver E-cology instances by checking for an exposed dubboApi debug endpoint. It does not exploit the vulnerability but confirms its presence through safe HTTP requests.

Description

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).

Exploits (1)

nomisec SCANNER

by keraattin · poc

https://github.com/keraattin/CVE-2026-22679

View Code ZIP pw:eip

The repository contains a Python script that detects the presence of CVE-2026-22679 in Weaver E-cology instances by checking for an exposed dubboApi debug endpoint. It does not exploit the vulnerability but confirms its presence through safe HTTP requests.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Weaver E-cology 10.0 (versions prior to 20260312)

No auth needed

Prerequisites: Network access to the target system · Exposed dubboApi debug endpoint

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 17, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources

https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/

Release Notes release-notes

https://www.weaver.com.cn/cs/securityDownload.html#

Exploit technical-description exploit

https://h4cker.zip/post/d5d211/

Third Party Advisory third-party-advisory

https://ti.qianxin.com/vulnerability/notice-detail/1760

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint

Scores

CVSS v3 9.8

EPSS 0.0030

EPSS Percentile 53.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2026-04-07

CWE

CWE-306

Status published

Products (2)

weaver/e-cology < 20260312

Weaver Network Co., Ltd./E-cology < 20260312

Published Apr 07, 2026

Tracked Since Apr 07, 2026