Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Authorization bypass in Tencent WeKnora's Config API endpoint allows authenticated attackers to access unauthorized knowledge bases by manipulating the kbId parameter in getKnowledgeBaseForInitialization function. Affects all versions up to 0.3.6. Publicly available exploit code exists via GitHub Gist, enabling low-complexity attacks with network access. CVSS 6.3 reflects moderate impact across confidentiality, integrity, and availability. EPSS data not available, but public POC increases exploitation likelihood. Vendor unresponsive to disclosure, indicating no official patch timeline.
Technical ContextAI
The vulnerability resides in internal/handler/initialization.go within the Config API endpoint of WeKnora, a Tencent knowledge management platform. The getKnowledgeBaseForInitialization function fails to properly validate authorization when processing kbId arguments, implementing a broken access control pattern classified as CWE-639 (Authorization Bypass Through User-Controlled Key). This weakness allows authenticated users to manipulate object references (knowledge base identifiers) to access resources outside their authorization scope. The CPE string cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:* confirms Tencent as vendor with all versions through 0.3.6 vulnerable. The Golang implementation suggests the flaw stems from insufficient input validation and missing authorization checks before database/resource queries in the initialization workflow.
RemediationAI
No vendor-released patch exists for CVE-2026-8786 as Tencent has not responded to vulnerability disclosure per VulDB submission 812172. Organizations should implement immediate compensating controls: First, restrict network access to the Config API endpoint to trusted IP ranges or internal networks only, reducing attack surface from AV:N to local network scope. Second, implement application-layer authentication proxies or API gateways with additional authorization checks validating kbId parameter access against user permissions before forwarding requests to WeKnora. Third, enable comprehensive API audit logging to detect unauthorized knowledge base access attempts through anomalous kbId patterns. Fourth, consider suspending the initialization endpoint functionality if not operationally critical. Trade-offs include reduced functionality for initialization workflows and increased operational complexity from proxy deployments. Monitor VulDB advisories at vuldb.com/vuln/364410 and Tencent security channels for future patch releases. For critical deployments, evaluate migration to alternative knowledge management platforms with active security maintenance.
WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as
OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS
SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database c
Insufficient authorization checks in WeKnora's tenant management endpoints allow any authenticated user to read, modify,
DNS rebinding in WeKnora's web_fetch tool allows authenticated attackers to bypass URL validation and access internal re
WeKnora's document import feature is vulnerable to Server-Side Request Forgery through HTTP redirects, allowing unauthen
WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injec
Weknora versions up to 0.3.0 is affected by authorization bypass through user-controlled key (CVSS 5.3).
WeKnora versions prior to 0.2.12 suffer from inadequate tenant isolation in database queries, permitting any authenticat
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30730
GHSA-4cvj-xf75-4wv6