Impact
A flaw in the Kong Konnect Model Context Protocol (MCP) server, present in all releases before version 1.0.0, allows a remote attacker to perform an indirect prompt injection by sending crafted analytics data. The injected prompt leads the server to execute unintended API requests, potentially exposing stored credentials or other sensitive information. This issue is classified as a CWE‑20 input validation failure, where the server accepts unsanitized input from untrusted data sources.
Affected Systems
KongHQ mcp-konnect servers running any version earlier than 1.0.0 are affected. No specific minor or patch releases are listed, so any pre‑1.0.0 version is vulnerable.
Risk and Exploitability
The CVSS score of 7.4 indicates high severity. Because no EPSS score is available, the exact likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; it exploits the server’s handling of untrusted analytics data, allowing an attacker to inject prompts that trigger unintended API calls.
OpenCVE Enrichment