CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Credits

Eli Ainhorn (https://www.linkedin.com/in/eli-ainhorn/), Noma Security (https://noma.security)

References