PT-2026-55525 · Kong · Kong Konnect Mcp Server
Eli Ainhorn · Published 2026-07-03 · Updated 2026-07-03
CVE-2026-13341 · CVSS v3.1 7.4 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Kong Konnect MCP server versions prior to 1.0.0
Description
The server fails to properly validate content returned to the Large Language Model (LLM). A remote attacker can therefore perform an indirect prompt injection by placing malicious text in data that the AI agent reads. The agent may interpret these smuggled instructions as its own and execute unintended API requests against Kong Konnect with the agent's own permissions, which could lead to the exposure of sensitive data.
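The flaw class described above, as an added illustration that is not Kong's code: a host-side layer that treats everything an MCP tool returns as untrusted data before the LLM sees it, and an allow-list gate on the API requests the agent may then issue with its own credentials. The pattern list, the envelope tag name and the request paths are constructed placeholders, not Konnect identifiers.

```python
import re
from dataclasses import dataclass, field

# Constructed heuristic list: phrases that address the model rather than the user.
# A deployment would tune and extend this; it is a signal for logging/blocking,
# not a complete defence on its own.
INJECTION_PATTERNS = [
    r"ignore (all |any )?(previous|prior|above) instructions",
    r"\byou are now\b",
    r"\bsystem prompt\b",
    r"<\s*/?\s*(system|assistant|instructions?)\s*>",
]

ENVELOPE = "untrusted_data"  # placeholder tag name for the data envelope


@dataclass
class ScreenedResult:
    content: str                 # envelope-wrapped text safe to hand to the LLM
    flagged: bool                # True if instruction-like phrases were found
    matches: list = field(default_factory=list)


def screen_tool_result(raw: str, source: str) -> ScreenedResult:
    """Screen text fetched by an MCP tool before it reaches the model.

    The text is wrapped in an explicit data envelope (so the system prompt can
    state that nothing inside it is an instruction), and instruction-like
    phrases are reported so the host can log, drop or require confirmation.
    """
    matches = [p for p in INJECTION_PATTERNS if re.search(p, raw, re.IGNORECASE)]
    # Neutralise anything that looks like an envelope boundary so injected text
    # cannot close the envelope early and continue as "trusted" content.
    escaped = raw.replace(f"<{ENVELOPE}", f"&lt;{ENVELOPE}")
    escaped = escaped.replace(f"</{ENVELOPE}", f"&lt;/{ENVELOPE}")
    content = f'<{ENVELOPE} source="{source}">\n{escaped}\n</{ENVELOPE}>'
    return ScreenedResult(content=content, flagged=bool(matches), matches=matches)


# Least privilege on the action side: requests the agent proposes are checked
# against a per-session allow-list of read-only operations. Paths are placeholders.
READ_ONLY_ALLOWLIST = {
    ("GET", "/placeholder/read-endpoint"),
    ("GET", "/placeholder/list-endpoint"),
}


def authorize_request(method: str, path: str, allowlist=READ_ONLY_ALLOWLIST) -> bool:
    """Return True only if the agent's proposed request is explicitly allowed."""
    return (method.upper(), path) in allowlist
```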
Recommendations
Update Kong Konnect MCP server to version 1.0.0 or later.
Fix
RCE
Affected Products
Kong Konnect Mcp Server