CVE-2026-22688
published 2026-01-10CVE-2026-22688: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.75%
75.0th percentile
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | tencent_weknora | >= 0 < 0.2.5 | 0.2.5 |
| tencent | weknora | < 0.2.5 | 0.2.5 |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected subprocess execution spawned by the WeKnora server process, particularly where command and arguments originate from user-supplied MCP stdio settings (stdio_config.command/args fields). ↗
- →Flag or alert on any WeKnora deployment running a version prior to 0.2.5, as those versions are vulnerable to command injection via MCP stdio configuration. ↗
- ·The vulnerability requires the attacker to be an authenticated user; unauthenticated exploitation is not indicated by the available sources. ↗
- ·The injection vector is specifically the stdio_config.command/args parameters within MCP stdio settings — defenders should audit access controls and input validation on these configuration fields. ↗
- ·A public exploit is reported to exist for this CVE, raising the urgency of patching to version 0.2.5 or later. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
osv·2026-01-12
CVE-2026-22688 WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
OSV
WeKnora has Command Injection in MCP stdio test
osv·2026-01-09
CVE-2026-22688 [CRITICAL] WeKnora has Command Injection in MCP stdio test
WeKnora has Command Injection in MCP stdio test
### Vulnerability **Description**
---
**Vulnerability Overview**
This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values.
The root causes are as follows:
- **Missing Security Filtering**: When transport_type=stdio, there is no validation on stdio_config.command/args, such as allowlisting, enforcing fixed paths/binaries, or blocking dangerous options.
- **Functional Flaw (Trust Boundary Violation)**: The command/args stored as "service configuration data" are directly used in the /test execution flow and connected to execution sinks without validation.
- **Lack of Authorizat
GHSA
WeKnora has Command Injection in MCP stdio test
ghsa·2026-01-09
CVE-2026-22688 [CRITICAL] CWE-77 WeKnora has Command Injection in MCP stdio test
WeKnora has Command Injection in MCP stdio test
### Vulnerability **Description**
---
**Vulnerability Overview**
This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values.
The root causes are as follows:
- **Missing Security Filtering**: When transport_type=stdio, there is no validation on stdio_config.command/args, such as allowlisting, enforcing fixed paths/binaries, or blocking dangerous options.
- **Functional Flaw (Trust Boundary Violation)**: The command/args stored as "service configuration data" are directly used in the /test execution flow and connected to execution sinks without validation.
- **Lack of Authorizat
No detection rules found.
No public exploits indexed.
Hackernews
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
blogs_hackernews·2026-04-20·CVSS 8.0
CVE-2025-65720 [HIGH] Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's ( MCP ) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.
"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to sensitive user data, internal databases, API keys, and chat histories," OX Security researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni
Wiz
CVE-2026-22688 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.9
CVE-2026-22688 [CRITICAL] CVE-2026-22688 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22688 :
vulnerability analysis and mitigation
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.
Source : NVD
## 8.8
Score
Published January 10, 2026
Severity HIGH
CNA Score 9.9
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 60.4
Exploitation Probability (EPSS) 0.4
Affected packages and libraries
github.com/Tencent/WeKnora
github.com/tencent/weknor
2026-01-10
Published