Weaver E-cology critical bug exploited in attacks since March
Weaver E-cology critical bug exploited in attacks since March
Publish Date: 2026-05-04 18:12:57
Source Domain: www.bleepingcomputer.com
Summary:
The article highlights a critical security vulnerability (CVE-2026-22679) in the Weaver E-cology office automation system that a group of hackers exploited shortly after a security update was issued but before the issue was publicly disclosed. Researchers from Vega, a threat intelligence company, identified and documented this ongoing exploitation, detailing the various attack phases attempted by the malicious actors. The vulnerability allows unauthenticated remote code execution, originating from an improperly secured debug API endpoint in E-cology’s server that lacks proper authentication or input validation. Despite having the chance to establish a persistent session via the discovered remote code execution method, the attackers primarily used reconnaissance tools and subsequently shifted to obtaining remote scripts without successful deployment of malicious payloads. To protect against this flaw, Weaver E-cology users are strongly advised to immediately update to the latest available security patch that removes the vulnerable debug endpoint.
Key Points:
- Hackers exploited CVE-2026-22679 in Weaver E-cology for discovery commands before a public disclosure.
- The attack occurred shortly after the patch release and involved reconnaissance and script fetching attempts.
- The vulnerability allows for unauthenticated remote code execution via a debug API endpoint.
- No persistent attacker session was established; only reconnaissance commands were executed.
- Immediate software updating to the latest version is the only recommended mitigation.
