Critical Vulnerability in Weaver E-cology Exploited in Attacks Since March

Attackers have been exploiting a critical vulnerability (CVE-2026-22679) in Weaver E-cology, an office automation software, since mid-March to execute discovery commands on compromised systems. The flaw affects Weaver E-cology deployments, though specific versions or affected components were not detailed. No attribution to a particular threat actor or geographic targeting was provided in the reported incidents. The exploitation activity was confirmed, but the full scope of impacted organizations or data accessed remains unclear. The vulnerability's technical mechanics, such as whether it enables remote code execution or privilege escalation, were not explicitly described.