CVE-2026-13341

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
03/07/2026
Last modified:
03/07/2026

Description

A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.