CVE-2026-13341: A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow
Summary
CVE-2026-13341 is a vulnerability in Kong Konnect MCP (Model Context Protocol, a system for standardized communication between AI models and tools) server versions before 1.0.0 that allows remote attackers to perform prompt injection attacks (tricking the AI by hiding malicious instructions in input) and execute unintended API requests (commands to interact with web services).
Vulnerability Details
7.4(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
network
low
none
required
July 3, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-13341
First tracked: July 3, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 85%