Lucene search
K

9 matches found

SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

7.6CVSS6.1AI score0.00255EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

7.6CVSS0.00255EPSS
Exploits1References1
CVE
CVE
added 2026/03/07 4:32 p.m.15 views

CVE-2026-30856

WeKnora CVE-2026-30856: Pre-0.3.0 versions are vulnerable to a tool-name collision and indirect prompt injection via an MCP client naming convention (mcp_{service}_{tool}), allowing a remote MCP server to hijack tool execution and potentially exfiltrate prompts/context or run other tools with use...

7.6CVSS5.9AI score0.00255EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:32 p.m.4 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/06 11:54 p.m.2 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the MCPTool.Name sanitization in the NewMCPTool registration process in internal/agent/tools. An attacker can execute arbitrary MCP tools and inject prompts to exfiltrate context by...

7.6CVSS6AI score0.00255EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 11:54 p.m.7 views

GHSA-67Q9-58VJ-32QX WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

Summary A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client mcpservicetool, an attacker can register a malicious tool that overwrites a legitimate...

5.4CVSS6.1AI score0.00255EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/06 11:54 p.m.9 views

WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

Summary A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client mcpservicetool, an attacker can register a malicious tool that overwrites a legitimate...

7.6CVSS6.1AI score0.00255EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23799

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, is susceptible to a vulnerability involving tool name collision and indirect prompt injection. A malicious...

9.9CVSS5.9AI score0.22162EPSS
Exploits70References140
Rows per page
Query Builder