CVE-2026-22679

Published 07/04/2026 13:16 · Modified 07/04/2026 13:20

Labels: CVE-2026-22679, 2026-04-07, CWE-306, [email protected]

Essential information

Published: 07/04/2026 13:16
Modified: 07/04/2026 13:20
Author:
Creator:
CVSS: 9.3 CRITICAL (v3), 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).
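A defender can check web or reverse-proxy access logs for requests to the endpoint named above. The following is an added example, not part of the CVE record or any vendor tooling; it assumes combined-format access logs, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint from the CVE description, lowercased for loose comparison.
DEBUG_ENDPOINT = "/papi/esearch/data/devops/dubboapi/debug/method"

# Assumption: combined/common access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize_path(target):
    """Canonicalise a request target so trivial path variations still match."""
    path = target.split("?", 1)[0]
    if "://" in path:                      # absolute-form request target
        path = urlsplit(path).path
    for _ in range(2):                     # single and double percent-encoding
        path = unquote(path)
    segments = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]         # drop ";param" path parameters
        if seg == "..":
            if segments:
                segments.pop()
        elif seg not in ("", "."):         # collapse "//" and "/./"
            segments.append(seg)
    return "/" + "/".join(segments).lower()

def find_debug_endpoint_hits(lines):
    """Return one record per log line that requests the debug endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != DEBUG_ENDPOINT:
            continue
        status = int(m["status"])
        # A POST answered with 2xx means the endpoint was reachable and served.
        served = m["method"] == "POST" and 200 <= status < 300
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "status": status, "priority": "high" if served else "review"})
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2026:02:14:09 +0000] "POST /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Apr/2026:02:15:40 +0000] "POST /papi//esearch/data/devops/dubboApi/%64ebug/method;x=1?t=1 HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Apr/2026:02:16:02 +0000] "GET /papi/esearch/data/search HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Apr/2026:02:17:30 +0000] "GET /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for hit in find_debug_endpoint_hits(SAMPLE_LOG):
        print(hit)
```

Any hit on a production host is worth triage, since the path is debug functionality; a "high" record means the request was accepted rather than blocked upstream.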

NVD status

Status: Undergoing Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product                     CPE
weaver / fanwei e-cology    cpe:2.3:a:weaver:fanwei_e-cology:<10.0:*:*:*:*:*:*:*
weaver / fanwei e-cology    cpe:2.3:a:weaver:fanwei_e-cology:10.0:*:*:*:*:*:*:*

References