Github.Com Tencent Weknora vulnerabilities
10 known vulnerabilities affecting github.com/tencent_weknora.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2026-30861P2CRITICAL≥ 0.2.5, < 0.2.102026-03-07
CVE-2026-30861 [CRITICAL] CWE-78 WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
### Summary
A critical unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation introduced in version 2.0.5.
The application allows unrestricted user registration, meaning any attacker can create an account and exp
ghsaosv
CVE-2026-30860P2CRITICAL≥ 0, < 0.2.122026-03-06
CVE-2026-30860 [CRITICAL] CWE-89 WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
## Summary
A critical Remote Code Execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL
ghsaosv
CVE-2026-22688P2CRITICAL≥ 0, < 0.2.52026-01-09
CVE-2026-22688 [CRITICAL] CWE-77 WeKnora has Command Injection in MCP stdio test
WeKnora has Command Injection in MCP stdio test
### Vulnerability **Description**
---
**Vulnerability Overview**
This issue is a command injection vulnerability (CWE-78) that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values.
The root causes are as follows:
- **Missing Security Filtering**: When transp
ghsaosv
CVE-2026-30855P3CRITICAL≥ 0, < 0.3.22026-03-06
CVE-2026-30855 [CRITICAL] CWE-284 WeKnora Vulnerable to Broken Access Control in Tenant Management
WeKnora Vulnerable to Broken Access Control in Tenant Management
### Summary
An authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This
ghsaosv
CVE-2026-22687P3MEDIUM≥ 0, < 0.2.52026-01-09
CVE-2026-22687 [MEDIUM] CWE-89 WeKnora vulnerable to SQL Injection
WeKnora vulnerable to SQL Injection
### Summary
After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax code backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database.
### Details
### Source
- **File**: `/internal/agent/tools/database_query.go`
- **Function**: `validateAndSecureSQL()` (lines 249-373
ghsaosv
CVE-2026-30858P3HIGH≥ 0, < 0.3.02026-03-06
CVE-2026-30858 [HIGH] CWE-918 WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
### Summary
A DNS rebinding vulnerability in the `web_fetch` tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that reso
ghsaosv
CVE-2026-30247P3MEDIUM≥ 0, < 0.2.122026-03-05
CVE-2026-30247 [MEDIUM] CWE-918 WeKnora is Vulnerable to SSRF via Redirection
WeKnora is Vulnerable to SSRF via Redirection
### Summary
The application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it **fails to validate redirect targets**. An attacker can bypass all protections
ghsaosv
CVE-2026-30856P3MEDIUM≥ 0, < 0.3.02026-03-06
CVE-2026-30856 [MEDIUM] CWE-706 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
### Summary
A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client (`mcp_{s
ghsaosv
CVE-2026-30859P3HIGH≥ 0, < 0.2.122026-03-06
CVE-2026-30859 [HIGH] CWE-284 WeKnora has Broken Access Control - Cross-Tenant Data Exposure
WeKnora has Broken Access Control - Cross-Tenant Data Exposure
## Summary
A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables (`models`, `messages`, `embeddings`), enabling unau
ghsaosv
CVE-2026-30857P4MEDIUM≥ 0, < 0.3.02026-03-06
CVE-2026-30857 [MEDIUM] CWE-639 WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
### Summary
A cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant’s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants, making the impact critical.
##
ghsaosv