
Daniel Messing

Researcher from Vega
#25845 of 53,624
9.8 Total CVSS
Vulnerabilities · 1
PT-2026-30819
9.8
2026-04-07
Fanwei · Weaver E-Cology · CVE-2026-22679
**Name of the Vulnerable Software and Affected Versions**
Weaver (Fanwei) E-cology versions prior to 20260312

**Description**
An unauthenticated remote code execution issue exists due to exposed debug functionality. Attackers can execute arbitrary system commands by sending crafted POST requests to the `/papi/esearch/data/devops/dubboApi/debug/method` endpoint. This is achieved by controlling the `interfaceName` and `methodName` parameters to reach command-execution helpers. Real-world exploitation has been observed since mid-March, with evidence first noted by the Shadowserver Foundation on 2026-03-31 (UTC).

**Recommendations**
Update to version 20260312 or later. As a temporary workaround, restrict access to the `/papi/esearch/data/devops/dubboApi/debug/method` endpoint to minimize the risk of exploitation.
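
To check whether the endpoint named above has been requested on a given server, the following added example (not part of the advisory or of Weaver's code) scans web access logs for it and summarizes the hits per client IP. It assumes Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint named in the advisory.
ENDPOINT = "/papi/esearch/data/devops/dubboApi/debug/method"

# Assumption: access logs are in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def normalize_path(target):
    """Reduce a request target to a canonical path for comparison."""
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx once
    path = re.sub(r"/{2,}", "/", path)        # collapse repeated slashes
    return posixpath.normpath(path).lower()   # resolve ./.. and trailing slash

def find_hits(lines):
    """Return (ip, timestamp, method, status) for requests to the endpoint."""
    wanted = ENDPOINT.lower()
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and normalize_path(m["target"]) == wanted:
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def summarize(hits):
    """Per client IP: request count and whether any POST returned 2xx."""
    out = defaultdict(lambda: {"requests": 0, "post_2xx": False})
    for ip, _ts, method, status in hits:
        out[ip]["requests"] += 1
        if method == "POST" and 200 <= status < 300:
            out[ip]["post_2xx"] = True
    return dict(out)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2026:10:00:01 +0000] "POST /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Apr/2026:10:00:05 +0000] "GET /login.jsp HTTP/1.1" 200 1024',
    '203.0.113.7 - - [01/Apr/2026:10:00:09 +0000] "POST /papi//esearch/data/devops/dubboApi/debug/%6dethod?x=1 HTTP/1.1" 403 0',
    '192.0.2.15 - - [01/Apr/2026:10:01:00 +0000] "GET /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, info in summarize(find_hits(SAMPLE_LOG)).items():
        print(ip, info)
```

A POST that returned 2xx means the request reached the application and should be investigated; once the workaround or update is in place, requests to this path should show up only as denied.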