Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
Published: 2026-01-10
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Disclosure
Action: Patch Immediately
AI Analysis

Impact

The WeKnora framework contains a SQL injection vulnerability triggered by the Agent service when database queries are executed after processing user prompts. The flaw stems from insufficient backend validation of queries, allowing an attacker to craft prompt-based bypasses that remove or alter mandatory restrictions. Successful exploitation lets the attacker read sensitive data stored on the target server and database, compromising confidentiality. This weakness is a classic SQL Injection flaw (CWE‑89).

Affected Systems

The vulnerability is present in Tencent's WeKnora software prior to version 0.2.5. Any deployment that has the Agent service enabled and is running a pre‑0.2.5 build is at risk. The affected product is the WeKnora LLM‑powered document understanding platform; even a single node can leak data if the Agent component is enabled.

Risk and Exploitability

The CVSS base score is 5.6, indicating moderate severity. The EPSS score is less than 1 %, suggesting a low likelihood of widespread exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need remote access to the Agent service API and the ability to supply crafted prompts; thus the probable attack vector is remote, via user prompt submission, and is inferred from the description that the flaw is triggered by prompt‑based bypass techniques.

Generated by OpenCVE AI on April 16, 2026 at 18:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch to upgrade WeKnora to version 0.2.5 or newer.
  • If an upgrade is not immediately possible, disable the Agent service or restrict its use to trusted users to eliminate the attack surface.
  • Enforce strict input validation on database queries within the Agent component to block arbitrary SQL commands, reducing the risk of re‑emergent injection issues.

Generated by OpenCVE AI on April 16, 2026 at 18:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pcwc-3fw3-8cqv WeKnora vulnerable to SQL Injection
History

Tue, 10 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Mar 2026 14:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Thu, 22 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*

Mon, 12 Jan 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Tencent
Tencent weknora
Vendors & Products Tencent
Tencent weknora

Sat, 10 Jan 2026 04:15:00 +0000

Type Values Removed Values Added
Description WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
Title WeKnora vulnerable to SQL Injection
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Tencent Weknora
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-10T18:34:41.657Z

Reserved: 2026-01-08T19:23:09.854Z

Link: CVE-2026-22687

cve-icon Vulnrichment

Updated: 2026-01-12T17:21:14.993Z

cve-icon NVD

Status : Modified

Published: 2026-01-10T04:16:01.670

Modified: 2026-03-06T15:16:09.773

Link: CVE-2026-22687

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T18:30:10Z

Weaknesses