PT-2026-55525 · Kong · Kong Konnect Mcp Server

Eli Ainhorn

·

Published

2026-07-03

·

Updated

2026-07-03

·

CVE-2026-13341

CVSS v3.1

7.4

High

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0
Description An issue exists where the server fails to properly validate content returned to the Large Language Model (LLM). This allows a remote attacker to perform an indirect prompt injection by placing malicious text within data that the AI agent reads. Consequently, the agent may interpret these smuggled instructions as its own and execute unintended API requests against Kong Konnect using its own permissions, which could lead to the exposure of sensitive data.
Recommendations Update Kong Konnect MCP server to version 1.0.0 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13341

Affected Products

Kong Konnect Mcp Server