Summary
Weaver E-cology is facing active exploitation of a critical unauthenticated RCE vulnerability (CVE-2026-22679) that allows attackers to run system commands via an exposed debug API. The attacks involve multi-stage payloads and defense evasion techniques like renaming system binaries to bypass security software.
Take Action:
If you have Weaver E-cology 10.0, make sure the system is isolated from the internet and accessible only from trusted networks. Then apply the security update to build 20260312 or later ASAP and review logs for signs of exploitation. Attackers have been active since mid-March 2026.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)