CVE-2026-13341
High
CVSS 7.4
Summary
A vulnerability in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0 allows a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
Risk Assessment
An attacker could exploit this flaw to manipulate API requests, potentially leading to unauthorized data access or malicious operations within the system.
Recommendation
Immediately update the Kong Konnect MCP server to version 1.0.0 or later, which includes a fix that mitigates the prompt injection vulnerability.
Original NVD description (English source)
A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

