CVE-2026-30861
published 2026-03-07CVE-2026-30861: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an…
PriorityP271high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.05%
78.9th percentile
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | tencent_weknora | >= 0.2.5 < 0.2.10 | 0.2.10 |
| github.com | tencent_weknora | >= 0.2.6 < 0.2.10 | 0.2.10 |
| tencent | weknora | — | — |
| tencent | weknora | >= 0.2.5 < 0.2.10 | 0.2.10 |
Detection & IOCsextracted from sources · hover to see the quote
- →The whitelist bypass uses the `-p` flag with `npx node` to achieve command injection in MCP stdio configuration validation ↗
- →Attacker vector requires account creation via unrestricted user registration prior to exploiting the command injection flaw ↗
- →Vulnerable component is the MCP stdio configuration validation in WeKnora versions 0.2.5 up to (excluding) 0.2.10 ↗
- ·The command whitelist (npx, uvx) and blacklists for dangerous arguments and environment variables are insufficient controls — the `-p` flag with `npx node` bypasses all of them ↗
- ·Affected packages are github.com/Tencent/WeKnora and github.com/tencent/weknora; patch is available in version 0.2.10 ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora
osv·2026-03-10
CVE-2026-30861 WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora
OSV
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
osv·2026-03-07
CVE-2026-30861 [CRITICAL] WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
### Summary
A critical unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation introduced in version 2.0.5.
The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (`npx`, `uvx`) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the `-p` flag with `npx node`. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise.
The vulnerability remained unfixed across multiple releases (2.0.6-
GHSA
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
ghsa·2026-03-07
CVE-2026-30861 [CRITICAL] CWE-78 WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
### Summary
A critical unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation introduced in version 2.0.5.
The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (`npx`, `uvx`) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the `-p` flag with `npx node`. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise.
The vulnerability remained unfixed across multiple releases (2.0.6-
No detection rules found.
No public exploits indexed.
2026-03-07
Published