HIGHšŸ‡µšŸ‡± Wersja polska

CVE-2026-30855

CVSS 8.8v3.1pub. 2026-03-07upd. 2026-03-09

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Tencent Weknora

    APP
    Tencent
    < 0.3.2
šŸ”µ
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-30861CRITICAL9.9PL āœ“ten sam produkt

RCE w WeKnora — command injection w walidacji konfiguracji MCP stdio

CVE-2026-30860CRITICAL9.9PL āœ“ten sam produkt

RCE przez SQL Injection w Tencent WeKnora (bypass walidacji wyrażeń PostgreSQL)

CVE-2026-22688CRITICAL9.9PL āœ“ten sam produkt

Command injection w Tencent WeKnora — wykonanie podprocesów przez MCP stdio

CVE-2026-30856MEDIUM5.9ten sam produkt

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to ...

CVE-2026-30247MEDIUM5.9ten sam produkt

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to ...

CVE-2026-30855 — Tencent — Weknora — HIGH — CVSS 8.8 | CVEbaza.pl