## What’s happening

A critical vulnerability in Weaver (Fanwei) E-cology—an office automation and collaboration platform—has been reported as actively exploited in the wild.

Tracked as CVE-2026-22679 (CVSS 9.8), the issue is described as an unauthenticated remote code execution flaw in an exposed debug API endpoint ("/papi/esearch/data/devops/dubboApi/debug/method"). Attackers can craft POST requests with controlled parameters to reach command execution helpers.

## Timeline highlights

- Patches were released for E-cology 10.0 builds prior to 20260312.

- Multiple parties reported exploitation evidence beginning in late March, with some research indicating activity shortly after patches became available.

## Why this matters

Collaboration and OA platforms often sit inside corporate networks with access to internal services and sensitive documents. A pre-auth RCE can quickly become a high-impact incident: web shells, credential theft, and lateral movement.

## What defenders should do

- Identify any exposed E-cology instances and confirm exact version/build.

- Apply vendor updates for E-cology 10.0 (ensure the build is at/after the fixed release).

- Restrict access to administrative/debug endpoints; limit exposure to internal networks/VPN.

- Review logs for suspicious POST requests to the debug endpoint and post-exploitation commands (e.g., whoami, ipconfig, tasklist).
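
One way to run the log review from the last item, as an added example (not code from the vendor or the cited coverage): it scans web access-log lines for requests to the debug endpoint, normalising the request path before comparing. The Combined Log Format, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Endpoint path exactly as given in the advisory text above.
DEBUG_PATH = "/papi/esearch/data/devops/dubboApi/debug/method"

# Assumption: the front-end web server writes Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalize(target):
    """Drop the query string, decode %-escapes, strip ;params, collapse '//'."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r";[^/]*", "", path)
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def find_debug_hits(lines):
    """Return (ip, timestamp, method, status) for each request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m["target"]) == DEBUG_PATH.lower():
            hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def triage(hits):
    """Per source IP: POST count and whether any POST was answered with 2xx."""
    summary = {}
    for ip, _ts, method, status in hits:
        entry = summary.setdefault(ip, {"posts": 0, "post_2xx": False})
        if method == "POST":
            entry["posts"] += 1
            entry["post_2xx"] |= 200 <= status < 300
    return summary

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [28/Mar/2026:02:14:09 +0000] "POST /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [28/Mar/2026:02:14:11 +0000] "POST /papi//esearch/data/devops/dubboApi/debug/method?t=1 HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.23 - - [28/Mar/2026:03:01:44 +0000] "GET /papi/esearch/data/devops/dubboApi/debug/method HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [28/Mar/2026:03:05:00 +0000] "POST /api/login HTTP/1.1" 200 87 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in triage(find_debug_hits(SAMPLE)).items():
        print(ip, info)
```

Default access logs do not record POST bodies, so a source with `post_2xx` set is a lead to follow up in process-creation telemetry on the server for commands such as those listed above, not proof of execution on its own.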

## Source

The Hacker News coverage (with references to NVD, Shadowserver observations, and additional exploitation analysis).