CVE-2026-22688
published 2026-01-10

Priority: P262 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.75% (75.0th percentile)

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.

Affected (2 ranges)

Vendor      Product          Version range   Fixed in
github.com  tencent_weknora  >= 0 < 0.2.5    0.2.5
tencent     weknora          < 0.2.5         0.2.5

Detection & IOCs (extracted from sources)

  • Monitor for unexpected subprocess execution spawned by the WeKnora server process, particularly where command and arguments originate from user-supplied MCP stdio settings (stdio_config.command/args fields).
  • Flag or alert on any WeKnora deployment running a version prior to 0.2.5, as those versions are vulnerable to command injection via MCP stdio configuration.
  • The vulnerability requires the attacker to be an authenticated user; unauthenticated exploitation is not indicated by the available sources.
  • The injection vector is specifically the stdio_config.command/args parameters within MCP stdio settings — defenders should audit access controls and input validation on these configuration fields.
  • A public exploit is reported to exist for this CVE, raising the urgency of patching to version 0.2.5 or later.
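
One way to apply the input-validation advice in the bullets above, as an added example that is not WeKnora's code or its 0.2.5 patch: a stdio_config is accepted only if the command plus its leading args exactly match an operator-owned allowlist, and any trailing args are plain positional values. The StdioConfig shape, the allowlist entries and the sample request are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"regexp"
)

// StdioConfig is a hypothetical shape for the stdio_config fields, not WeKnora's own type.
type StdioConfig struct {
	Command string   `json:"command"`
	Args    []string `json:"args"`
}

// allowedPrefixes is a constructed, operator-owned allowlist of exact launch prefixes.
var allowedPrefixes = [][]string{
	{"npx", "-y", "@modelcontextprotocol/server-filesystem"},
	{"uvx", "mcp-server-fetch"},
}

// safeArg admits plain positional values only; anything starting with '-' fails.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9_./:=@][A-Za-z0-9_./:=@-]*$`)

// ValidateStdio returns the argv to execute, or an error if the request is not allowlisted.
func ValidateStdio(raw []byte) ([]string, error) {
	var cfg StdioConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("bad stdio_config: %w", err)
	}
	argv := append([]string{cfg.Command}, cfg.Args...)
	for _, p := range allowedPrefixes {
		if len(argv) < len(p) || !reflect.DeepEqual(argv[:len(p)], p) {
			continue
		}
		for _, a := range argv[len(p):] {
			if !safeArg.MatchString(a) {
				return nil, fmt.Errorf("argument %q rejected", a)
			}
		}
		return argv, nil
	}
	return nil, fmt.Errorf("command %q with these args is not allowlisted", cfg.Command)
}

func main() {
	// Constructed sample request: a shell launcher, which must be refused.
	fmt.Println(ValidateStdio([]byte(`{"command":"sh","args":["-c","echo injected"]}`)))
}
```

Rejections from a check like this are also a useful alert source for the subprocess monitoring described in the first bullet.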