Weaver E-cology RCE Vulnerability Actively Exploited; 9.8 CVSS Score Triggers Emergency Response

A critical remote code execution vulnerability in Weaver E-cology, an enterprise office automation and collaboration platform, is under active exploitation in the wild. The flaw (CVE-2026-22679) carries a maximum CVSS score of 9.8, making it one of the most severe vulnerabilities currently being weaponized against enterprise infrastructure. Security researchers have confirmed that threat actors are actively targeting organizations running the vulnerable software, exploiting the weakness to gain unauthenticated remote access without requiring any credentials.

The vulnerability stems from a weakness in the "/papi/esearch/data/devops/" API endpoint, which lacks proper authentication controls. It affects Weaver E-cology 10.0 versions prior to the 20260312 patch release. Attackers are leveraging the debug API to inject and execute arbitrary commands on compromised systems, granting them full control over affected deployments. The exposure is particularly concerning given the platform's widespread use in enterprise environments for sensitive business workflows and internal communications.

Organizations running Weaver E-cology are urged to apply the latest security updates immediately. Security teams should also audit their environments for indicators of compromise and consider network-level restrictions on the vulnerable endpoint as a temporary mitigation. The combination of a near-maximum severity rating, unauthenticated exploitation, and confirmed in-the-wild attacks creates significant pressure on IT and security operations to prioritize remediation efforts.

The active exploitation of this vulnerability could enable attackers to establish persistent access, exfiltrate corporate data, or move laterally across interconnected systems. Enterprises that cannot patch immediately should implement compensating controls and heightened monitoring until fixes are deployed.