CVE-2026-13341 PUBLISHED

Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP

Assigner: Kong
Reserved: 25.06.2026
Published: 03.07.2026
Updated: 03.07.2026

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVSS Score: 7.4

Product Status

Vendor: KongHQ
Product: mcp-konnect
Versions (default: unaffected):
  • affected from 0 to 1.0.0 (excl.)

Credits

  • Eli Ainhorn (https://www.linkedin.com/in/eli-ainhorn/), Noma Security (https://noma.security) (finder)

References

Problem Types

  • CWE-20: Improper Input Validation

Impacts

  • CAPEC-1000