CVE-2026-30857 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass…

Medium CVSS: 5.3

CVE-2026-30857

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant’s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0.

Vendor

Product

CWE

Yayın Tarihi

2026-03-07 17:15:53

Güncelleme

2026-03-09 17:34:19

Source Identifier

security-advisories@github.com

KEV Date Added

-

Kategoriler

CWE-639 Weknora MEDIUM Tencent 2026

Referanslar

https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f

Benzer Kayıtlar

High

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.…

Medium

CVE-2026-30858

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.…

Medium

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.…

Critical

CVE-2026-30860

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.…

Critical

CVE-2026-30861

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5…

Medium

CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.…