CVE-2026-30859
WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...