CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2026-5585 – Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure
https://notcve.org/view.php?id=CVE-2026-5585
05 Apr 2026 — A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/task_manager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been made public and could be used. • https://gist.github.com/YLChen-007/fe4b834144ad535d167507c2008d4011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2026-30861 – WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
https://notcve.org/view.php?id=CVE-2026-30861
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environme... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-r55h-3rwj-hcmg • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2026-30860 – WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
https://notcve.org/view.php?id=CVE-2026-30860
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object ope... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-8w32-6mrw-q5wv • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2026-30859 – WeKnora: Broken Access Control - Cross-Tenant Data Exposure
https://notcve.org/view.php?id=CVE-2026-30859
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables (models, messages, embeddings), enabling unauthorized cross-tenant data access with user-level authentica... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-2f4c-vrjq-rcgv • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2026-30858 – WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources
https://notcve.org/view.php?id=CVE-2026-30858
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensit... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2026-30857 – WeKnora: Unauthorized Cross‑Tenant Knowledge Base Cloning
https://notcve.org/view.php?id=CVE-2026-30857
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant’s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0. WeKnora es un framework impulsado por L... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-30856 – WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
https://notcve.org/view.php?id=CVE-2026-30856
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client (mcp_{service}_{tool}), an attacker can register a malicious tool that overwrites a legitimate one (e.g., tavily_extract). This enables the attacker to redirect LLM execution flow, exfi... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-67q9-58vj-32qx • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2026-30855 – WeKnora: Broken Access Control in Tenant Management
https://notcve.org/view.php?id=CVE-2026-30855
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making th... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-30247 – WeKnora: SSRF via Redirection
https://notcve.org/view.php?id=CVE-2026-30247
07 Mar 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, f... • https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2026-22688 – WeKnora has Command Injection in MCP stdio test
https://notcve.org/view.php?id=CVE-2026-22688
10 Jan 2026 — WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5. This update for govulncheck-vulndb fixes the following issues. • https://github.com/Tencent/WeKnora/commit/f7900a5e9a18c99d25cec9589ead9e4e59ce04bb • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •