CVE-2026-13341
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
03/07/2026
Last modified:
03/07/2026
Description
A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
Impact
Base Score 3.x
7.40
Severity 3.x
HIGH



