Weaver E-cology critical bug exploited in attacks since March

bleepingcomputer.com·May 4, 2026

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation platform since mid-March, allowing for unauthenticated remote code execution. Users are urged to apply security updates to mitigate this risk, as attackers have been able to execute system commands without establishing persistent access.

The most valuable insight for you as a cybersecurity professional is the critical remote code execution vulnerability (CVE-2026-22679) in Weaver E-cology, which is actively being exploited. This highlights the importance of applying security updates promptly, as attackers began exploiting the flaw just five days after a patch was released and before the vulnerability was disclosed publicly. Ensure any systems using Weaver E-cology are updated to mitigate this risk.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Weaver E-cology critical bug exploited in attacks since March

Want more content like this?

More from Cybersecurity News

OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Linux bitten by second severe vulnerability in as many weeks

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor