A vulnerability exists in the Kong Konnect Model Context Protocol (MCP) server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests.
https://github.com/Kong/mcp-konnect/security/advisories/GHSA-7767-3m3w-2p44