A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 03 Jul 2026 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests. | |
| Title | Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Kong
Published:
Updated: 2026-07-03T10:19:10.646Z
Reserved: 2026-06-25T14:11:55.561Z
Link: CVE-2026-13341
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses