FeedVulnerabilityWeaver E-cology critical bug exploited in attacks since Marc...
VulnerabilityBleeping Computer
9.8CRITICAL

Weaver E-cology critical bug exploited in attacks since March

📅 4 May 2026 at 22:12 UTC📰 Bleeping ComputerView original source ↗
Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. [...]

🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview

A critical vulnerability in Weaver E-cology office automation was exploited by hackers since mid-March, allowing attackers to execute arbitrary commands on targeted servers without authentication or input validation.

⚙️Technical Details
CVEs
CVE-2026-22679Affected Systems: Weaver E-Cology 10.0 builds prior to March 12Attack Vectors: NETWORK, LOW
Affected Systems
Weaver E-Cology 10.0 builds prior to March 12
Attack Vectors
NETWORK, LOW
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Chinese organizations using Weaver E-cology office automation
🛡️Recommended Actions
1Apply the security update available through the vendor's site as soon as possible
2Monitor for suspicious activity and block any unknown commands
3Implement additional security measures to prevent similar attacks in the future
📦Affected Products
Weaver E-Cology
🔐NVD Verified DataVERIFIED
CVE-2026-22679CVSS 9.8CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-306
Affected Products (CPE)
Weaver E-Cology

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer
← Back to feed