CVE Catalog

CVE-2026-13341

High · CVSS 7.4
Summary

A vulnerability in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0 allows a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Risk Assessment

An attacker could exploit this flaw to manipulate API requests, potentially leading to unauthorized data access or malicious operations within the system.

Recommendation

Immediately update the Kong Konnect MCP server to version 1.0.0 or later, which includes a fix that mitigates the prompt injection vulnerability.

Original NVD description (English source)

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS