VDB
CVE-2026-30855
CVE-2026-30855
PUBLISHED
CVSS 8.800000190734863 HIGH
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID. Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.
EPSS 0.17% · 38.0th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.17%
38.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | Tencent/WeKnora | 0, 0 |
| tencent | weknora | 0, 0 |
| Tencent | WeKnora | < 0.3.2, < 0.3.2 |
Timeline
- Mar 6, 2026 CVE Published
- Mar 7, 2026 PoC Published
- Mar 8, 2026 EPSS Score
- Mar 9, 2026 CVE Updated
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score