116 matches found
CVE-2026-8786
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
CVE-2026-8786
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
EUVD-2026-30730
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
CVE-2026-8786
Technical details beyond the summary are not publicly available in the provided documents. No confirmed affected products, versions, or remediation are disclosed here. Monitor for updates for additional specifics and fixes.
CVE-2026-8786
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
PT-2026-41634
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
Tencent WeKnora 授权问题漏洞
Tencent WeKnora is an enterprise-level LLM knowledge base and RAG platform developed by Tencent, a Chinese technology company. Versions of Tencent WeKnora prior to 0.3.6 contained an authorization vulnerability. This vulnerability stemmed from the function getKnowledgeBaseForInitialization in the...
SUSE CVE-2026-30247
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive UR...
SUSE CVE-2026-30855
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account...
SUSE CVE-2026-30856
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
SUSE CVE-2026-30859
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...
SUSE CVE-2026-30860
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...
SUSE CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution RCE vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
GO-2026-4645 WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora
WeKnora has Remote Code Execution RCE via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora...
GO-2026-4628 WeKnora is Vulnerable to SSRF via Redirection in github.com/Tencent/WeKnora
WeKnora is Vulnerable to SSRF via Redirection in github.com/Tencent/WeKnora...
GO-2026-4637 WeKnora has Broken Access Control - Cross-Tenant Data Exposure in github.com/Tencent/WeKnora
WeKnora has Broken Access Control - Cross-Tenant Data Exposure in github.com/Tencent/WeKnora...
GO-2026-4638 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora...
GO-2026-4641 WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora
WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora...
GO-2026-4640 WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning in github.com/Tencent/WeKnora
WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning in github.com/Tencent/WeKnora...
GO-2026-4642 WeKnora Vulnerable to Broken Access Control in Tenant Management in github.com/Tencent/WeKnora
WeKnora Vulnerable to Broken Access Control in Tenant Management in github.com/Tencent/WeKnora...