Description
A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
Published: 2026-07-03
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Kong Konnect Model Context Protocol (MCP) server, present in all releases before version 1.0.0, allows a remote attacker to perform an indirect prompt injection by sending crafted analytics data. The injected prompt leads the server to execute unintended API requests, potentially exposing stored credentials or other sensitive information. This issue is classified as a CWE‑20 input validation failure, where the server accepts unsanitized input from untrusted data sources.

Affected Systems

KongHQ mcp-konnect servers running any version earlier than 1.0.0 are affected. No specific minor or patch releases are listed, so any pre‑1.0.0 version is vulnerable.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity. Because no EPSS score is available, the exact likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote; it exploits the server’s handling of untrusted analytics data, allowing an attacker to inject prompts that trigger unintended API calls.

Generated by OpenCVE AI on July 4, 2026 at 00:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Kong Konnect MCP to version 1.0.0 or later so that the input validation flaw is removed.
  • Restrict the sources of analytics data so that only trusted, internally generated data is ingested by MCP, mitigating the risk of untrusted payloads reaching the server.
  • Add strict input validation on the MCP endpoints to reject malformed or unexpected prompt data, addressing the CWE‑20 weakness.
  • Monitor MCP logs for unusual API request patterns that may indicate attempted prompt injection or credential abuse.

Generated by OpenCVE AI on July 4, 2026 at 00:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Jul 2026 11:00:00 +0000

Type Values Removed Values Added
Description A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
Title Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Kong

Published:

Updated: 2026-07-03T10:19:10.646Z

Reserved: 2026-06-25T14:11:55.561Z

Link: CVE-2026-13341

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-04T01:00:15Z

Weaknesses
  • CWE-20

    Improper Input Validation