CVE-2026-22679 in Weaver E-cology 10.0 is a critical unauthenticated RCE vulnerability arising from an exposed Apache Dubbo debug endpoint with no authentication check, confirmed by CISA KEV with active exploitation in the wild. The vulnerability is specific to the /papi/esearch/data/devops/dubboApi/debug/method path and allows arbitrary OS command execution via crafted POST parameters. Immediate actions: patch to build 20260312 or later, block the specific debug endpoint at the WAF or reverse proxy as a compensating control if patching is delayed, and review all E-cology API routes for additional unauthenticated debug surfaces.