๐Ÿ” CVE Alert

CVE-2026-13341

HIGH 7.4

Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP

CVSS Score
7.4
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

CWE CWE-20
Vendor konghq
Product mcp-konnect
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for konghq mcp-konnect

Be the first to know when new high vulnerabilities affecting konghq mcp-konnect are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

KongHQ / mcp-konnect
0 < 1.0.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/Kong/mcp-konnect/security/advisories/GHSA-7767-3m3w-2p44

Credits

Eli Ainhorn (https://www.linkedin.com/in/eli-ainhorn/), Noma Security (https://noma.security)