4 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...
CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
WeKnora 命令注入漏洞
WeKnora is an LLM-based framework open-sourced by Tencent with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. Command injection vulnerability exists in WeKnora versions prior to 0.2.5 , the vulnerability stems from insufficient...