{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22679", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-01-08T19:04:26.365Z", "datePublished": "2026-04-07T12:51:22.789Z", "dateUpdated": "2026-05-05T13:39:47.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T12:53:28.627Z"}, "title": "Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "type": "CWE"}]}], "affected": [{"vendor": "Weaver Network Co., Ltd.", "product": "E-cology", "versions": [{"status": "affected", "version": "0", "lessThan": "20260312", "versionType": "date"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Weaver (Fanwei) E-cology 10.0 versions prior to\u00a020260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system.\u00a0Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC)."}]}], "tags": ["x_known-exploited-vulnerability"], "references": [{"url": "https://www.weaver.com.cn/cs/securityDownload.html#", "tags": ["release-notes"]}, {"url": "https://h4cker.zip/post/d5d211/", "tags": ["technical-description", "exploit"]}, {"url": "https://ti.qianxin.com/vulnerability/notice-detail/1760", "tags": ["third-party-advisory"]}, {"url": "https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "CRITICAL", "baseScore": 9.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "The Shadowserver Foundation", "type": "reporter"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"references": [{"url": "https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/", "tags": ["third-party-advisory"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T13:29:59.333562Z", "id": "CVE-2026-22679", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-05T13:39:47.937Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22679", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T13:29:59.333562Z"}}}], "references": [{"url": "https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/", "tags": ["third-party-advisory"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T13:30:29.686Z"}}], "cna": {"tags": ["x_known-exploited-vulnerability"], "title": "Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "The Shadowserver Foundation"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Weaver Network Co., Ltd.", "product": "E-cology", "versions": [{"status": "affected", "version": "0", "lessThan": "20260312", "versionType": "date"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.weaver.com.cn/cs/securityDownload.html#", "tags": ["release-notes"]}, {"url": "https://h4cker.zip/post/d5d211/", "tags": ["technical-description", "exploit"]}, {"url": "https://ti.qianxin.com/vulnerability/notice-detail/1760", "tags": ["third-party-advisory"]}, {"url": "https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Weaver (Fanwei) E-cology 10.0 versions prior to\u00a020260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system.\u00a0Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).", "supportingMedia": [{"type": "text/html", "value": "Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T12:53:28.627Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22679", "state": "PUBLISHED", "dateUpdated": "2026-05-05T13:39:47.937Z", "dateReserved": "2026-01-08T19:04:26.365Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-07T12:51:22.789Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A808816-DE12-4872-974E-0A2B2FEF4219", "versionEndExcluding": "20260312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Weaver (Fanwei) E-cology 10.0 versions prior to\u00a020260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system.\u00a0Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC)."}], "id": "CVE-2026-22679", "lastModified": "2026-05-05T14:16:07.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-07T13:16:45.400", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Broken Link"], "url": "https://h4cker.zip/post/d5d211/"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://ti.qianxin.com/vulnerability/notice-detail/1760"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint"}, {"source": "disclosure@vulncheck.com", "tags": ["Patch"], "url": "https://www.weaver.com.cn/cs/securityDownload.html#"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://blog.vega.io/posts/cve-2026-22679-weaver-ecology-exploitation/"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,20260312)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "E-cology", "source": "cna", "vendor": "Weaver Network Co., Ltd."}, "product": "e-cology", "vendor": "weaver"}], "analysis": {"en": {"generated_at": "2026-04-07T20:12:16.001581+00:00", "value": {"mitigation_remediation": ["Apply the latest E\u2011Cology 10.0 patch (20260312 or newer).", "Verify the update by checking the installed version or release notes.", "If patching cannot be performed immediately, block or restrict access to the /papi/esearch/data/devops/dubboApi/debug/method endpoint."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Weaver Network Co., Ltd.\u2019s E\u2011Cology 10.0 software, with all versions released before 20260312 being vulnerable. No other vendors or product variants are known to be impacted.", "description_and_impact": "An unauthenticated remote code execution vulnerability exists in Weaver E\u2011Cology 10.0 systems. The flaw is exposed via the /papi/esearch/data/devops/dubboApi/debug/method endpoint, which accepts arbitrary interfaceName and methodName parameters in POST requests. Attackers can trigger command\u2011execution helpers and run arbitrary shell commands, giving them full control over the affected system. The weakness corresponds to inappropriate authentication controls (CWE\u2011306).", "risk_and_exploitability": "The CVSS score of 9.3 denotes a critical severity. The EPSS score is unavailable, but the exploit was observed by the Shadowserver Foundation on 2026\u201103\u201131, indicating real-world use. Attackers can reach the debug endpoint over HTTP and craft malicious POST payloads to trigger the vulnerability; this attack path does not require prior authentication, as the endpoint lacks enforcement, making exploitation straightforward. The vulnerability is not yet listed in CISA\u2019s KEV catalog, but its critical score and documented exploitation suggest high potential risk."}}}}, "created": "2026-04-08T19:38:00.414335+00:00", "updated": "2026-04-08T19:49:33.475414+00:00", "vendors": ["weaver", "weaver$PRODUCT$e-cology"]}