Skip to main content

E Cology CVE-2026-22679

| EUVDEUVD-2026-19607 CRITICAL
Missing Authentication for Critical Function (CWE-306)
2026-04-07 VulnCheck GHSA-vg4v-xjcr-x7p5
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
Re-analysis Queued
Apr 24, 2026 - 15:37 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:45 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
20260312
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
EUVD ID Assigned
Apr 07, 2026 - 13:00 euvd
EUVD-2026-19607
Analysis Generated
Apr 07, 2026 - 13:00 vuln.today
CVE Published
Apr 07, 2026 - 12:51 nvd
CRITICAL 9.3

DescriptionCVE.org

Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName and methodName parameters to reach command-execution helpers and achieve arbitrary command execution on the system. Exploitation evidence was first observed by the Shadowserver Foundation on 2026-03-31 (UTC).

AnalysisAI

Unauthenticated remote code execution in Weaver E-cology 10.0 (pre-20260312) allows attackers to execute arbitrary system commands via exposed debug functionality at /papi/esearch/data/devops/dubboApi/debug/method. Attackers exploit this by sending crafted POST requests with malicious interfaceName and methodName parameters to invoke command-execution helpers. Confirmed actively exploited (CISA KEV) with exploitation first observed by Shadowserver Foundation on March 31, 2026. Publicly available exploit code exists (h4cker.zip PoC), CVSS 9.8 (Critical), EPSS data not provided but real-world exploitation confirmed.

Technical ContextAI

This vulnerability affects Weaver E-cology 10.0, an enterprise collaboration and office automation platform widely deployed in Chinese organizations (CPE: cpe:2.3:a:weaver_network_co.,_ltd.:e-cology). The root cause is CWE-306 (Missing Authentication for Critical Function), where a Dubbo API debug endpoint at /papi/esearch/data/devops/dubboApi/debug/method lacks authentication controls and exposes dangerous debugging functionality to the public network. Dubbo is a popular Java RPC framework, and debug endpoints typically allow method invocation for troubleshooting. In this case, the interfaceName and methodName parameters accept attacker-controlled input that can reference internal command-execution utility classes, effectively turning the debug interface into a remote shell. The vulnerability bypasses all authentication mechanisms, making it directly exploitable from the internet without credentials.

RemediationAI

Immediately upgrade to Weaver E-cology 10.0 version 20260312 or later, which addresses this vulnerability according to the vendor security download page (https://www.weaver.com.cn/cs/securityDownload.html). Given confirmed active exploitation, this patch should be treated as an emergency deployment with priority over standard change management procedures. If immediate patching is not feasible, implement network-level controls to block external access to the /papi/esearch/data/devops/dubboApi/debug/* endpoint path using web application firewalls or reverse proxies, and restrict E-cology administrative interfaces to trusted internal networks only. Conduct forensic investigation on all E-cology instances to identify potential compromise indicators, including unusual process execution, unauthorized user accounts, web shell artifacts, or suspicious outbound network connections since March 31, 2026. Consult the VulnCheck advisory (https://www.vulncheck.com/advisories/weaver-e-cology-unauthenticated-rce-via-dubboapi-debug-endpoint) for additional technical indicators of compromise and detection guidance.

CVE-2023-2806 HIGH POC
8.8 May 19

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Rated high severity (CVSS 8.8), this v

CVE-2022-50992 HIGH POC
8.7 Apr 30

Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet i

CVE-2025-34038 HIGH POC
7.5 Jun 24

CVE-2025-34038 is an unauthenticated SQL injection vulnerability in Weaver E-cology 8.0's getdata.jsp endpoint that allo

CVE-2024-7704 MEDIUM POC
6.9 Aug 12

A vulnerability was found in Weaver e-cology 8. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploit

CVE-2019-10272 MEDIUM POC
6.1 Apr 30

An issue was discovered in Weaver e-cology 9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploit

CVE-2023-51892 CRITICAL
9.8 Jan 20

An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to th

CVE-2024-48072 CRITICAL
9.8 Nov 19

Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component. Rated critical severity (

CVE-2024-48070 CRITICAL
9.8 Nov 19

An issue in Weaver E-cology v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authen

CVE-2024-48069 CRITICAL
9.8 Nov 19

A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to uploa

CVE-2023-3793 CRITICAL
9.8 Jul 20

A vulnerability was found in Weaver e-cology. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit

CVE-2024-48071 MEDIUM
6.5 Nov 19

E-cology has a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely explo

Share

CVE-2026-22679 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy