cbcvebase.
CVE-2026-30855
published 2026-03-07

CVE-2026-30855: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant…

PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.33%
24.6th percentile
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.

Affected

3 ranges
VendorProductVersion rangeFixed in
github.comtencent_weknora>= 0 < 0.3.20.3.2
github.comtencent_weknora>= 0 < 0.3.10.3.1
tencentweknora< 0.3.20.3.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.