Mcp Konnect
Monthly
Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.
Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.