Skip to main content

Mcp Konnect

1 CVEs product

Monthly

CVE-2026-13341 HIGH PATCH This Week

Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.

Code Injection Mcp Konnect
NVD GitHub
CVSS 3.1
7.4
EPSS
0.3%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Indirect prompt injection in the Kong Konnect Model Context Protocol (MCP) server (konghq mcp-konnect) before version 1.0.0 allows a remote attacker to smuggle malicious instructions into content that an LLM agent processes, causing the agent to issue unintended Kong Konnect API requests. Because the injected instructions execute with the trust and credentials of the connected agent, an attacker can exfiltrate sensitive Konnect data or drive management API calls the operator never intended. No public exploit identified at time of analysis, but the CVSS 7.4 rating (scope-changed, confidentiality-high) reflects meaningful impact once an agent ingests attacker-controlled data.

Code Injection Mcp Konnect
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy