CVE-2026-13341

Summary

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Affected Software

VendorProductVersion RangeStatus
KongHQmcp-konnect0 < 1.0.0affected

Weaknesses

  • CWE-20: CWE-20 Improper input validation

References