Critical Remote Code Execution Flaw Discovered in Fanwei E-cology10 Enterprise Platform
A severe security vulnerability (QVD-2026-14149) has been identified in Fanwei E-cology10 (E10), a widely used enterprise collaboration platform developed by Shanghai Fanwei Network Technology. The flaw, rated 9.8 (Critical) on the CVSS 3.1 scale, enables unauthenticated remote code execution (RCE), allowing attackers to take full control of vulnerable servers without requiring credentials or user interaction.
The vulnerability stems from a command injection weakness in a specific E-cology10 server interface. By sending a maliciously crafted request, attackers can execute arbitrary commands with elevated privileges, potentially compromising sensitive business data, session tokens, and internal workflows. Given the platform’s role as a digital hub for collaborative office work, process management, and low-code development, exploitation could grant attackers persistent access to corporate environments while evading detection.
Security researchers at QiAnXin Threat Intelligence Center disclosed the flaw on March 17, 2026, following its initial publication on March 12, 2026. While no public proof-of-concept exploit has been confirmed, QiAnXin demonstrated the vulnerability internally, warning of its high exploitability due to its low attack complexity and network-based attack vector.
Affected versions include E-cology 10.0 with security patch versions below v20260312. Weaver, the vendor, has released an official patch (v20260312 or later), urging organizations to apply the update immediately. Security teams are advised to monitor server logs for unusual activity on the vulnerable interface and update detection rules to identify potential exploitation attempts.
Source: https://cybersecuritynews.com/new-fanwei-e-cology10-server-vulnerability/
Feysh Tech cybersecurity rating report: https://www.rankiteo.com/company/shanghai-feysh-technology-co-ltd
{
  "id": "SHA1778084745",
  "linkid": "shanghai-feysh-technology-co-ltd",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Enterprise Software',
                        'location': 'Shanghai, China',
                        'name': 'Shanghai Fanwei Network Technology',
                        'type': 'Vendor'},
                       {'name': 'Organizations using Fanwei E-cology10 (E10)',
                        'type': 'End Users'}],
 'attack_vector': 'Network',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive business data, session '
                                             'tokens, internal workflows'},
 'date_detected': '2026-03-12',
 'date_publicly_disclosed': '2026-03-17',
 'description': 'A severe security vulnerability (QVD-2026-14149) has been '
                'identified in Fanwei E-cology10 (E10), a widely used '
                'enterprise collaboration platform developed by Shanghai '
                'Fanwei Network Technology. The flaw, rated 9.8 (Critical) on '
                'the CVSS 3.1 scale, enables unauthenticated remote code '
                'execution (RCE), allowing attackers to take full control of '
                'vulnerable servers without requiring credentials or user '
                'interaction. The vulnerability stems from a command injection '
                'weakness in a specific E-cology10 server interface, enabling '
                'arbitrary command execution with elevated privileges.',
 'impact': {'data_compromised': 'Sensitive business data, session tokens, '
                                'internal workflows',
            'operational_impact': 'Persistent access to corporate '
                                  'environments, evasion of detection',
            'systems_affected': 'Fanwei E-cology10 servers'},
 'investigation_status': 'Disclosed',
 'post_incident_analysis': {'corrective_actions': 'Patch vulnerability '
                                                  '(v20260312 or later)',
                            'root_causes': 'Command injection weakness in a '
                                           'specific E-cology10 server '
                                           'interface'},
 'recommendations': 'Apply the official patch (v20260312 or later) '
                    'immediately, monitor server logs for exploitation '
                    'attempts, and update detection rules.',
 'references': [{'source': 'QiAnXin Threat Intelligence Center'}],
 'response': {'communication_strategy': 'Vendor advisory urging immediate '
                                        'patching',
              'containment_measures': 'Apply official patch (v20260312 or '
                                      'later)',
              'enhanced_monitoring': 'Monitor server logs for unusual activity '
                                     'on the vulnerable interface',
              'remediation_measures': 'Update to security patch version '
                                      'v20260312 or later'},
 'stakeholder_advisories': 'Vendor advisory urging immediate patching',
 'title': 'Critical Remote Code Execution Flaw Discovered in Fanwei E-cology10 '
          'Enterprise Platform',
 'type': 'Remote Code Execution (RCE)',
 'vulnerability_exploited': 'Command Injection (QVD-2026-14149)'}