Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12.
Published: 2026-03-07
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SSRF exposing internal services
Action: Apply Patch
AI Analysis

Impact

The SSRF vulnerability in Tencent WeKnora’s Import document via URL feature allows an attacker to send the backend through an HTTP redirect chain to internal addresses. The backend correctly rejects private IPs, loopback, reserved hostnames, and cloud metadata endpoints, but it does not validate the final redirect target, letting the server reach internal services such as Docker host addresses. This flaw enables an attacker to obtain unauthorized access to resources that are normally isolated from external traffic.

Affected Systems

Tencent WeKnora versions earlier than 0.2.12 are impacted by this redirect‑based SSRF flaw. The vulnerability resides in the document import functionality exposed by the application.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the current environment. The issue is not listed in the CISA KEV catalog, implying no confirmed public exploits. An attacker must be able to submit a crafted URL to the import endpoint; if successful, the server will follow the redirect chain and attempt to reach internal addresses, potentially exposing internal services.

Generated by OpenCVE AI on April 18, 2026 at 09:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 0.2.12 or later where redirect validation has been corrected.
  • If upgrading is not immediately possible, configure the import endpoint to accept only direct HTTPS URLs and disable or filter redirects; additionally, explicitly block internal IP ranges such as 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and host.docker.internal.
  • Restrict the backend's outbound requests to a strict whitelist of allowed domains or IP ranges to limit attack surface.

Generated by OpenCVE AI on April 18, 2026 at 09:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-595m-wc8g-6qgc WeKnora is Vulnerable to SSRF via Redirection
History

Wed, 11 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tencent
Tencent weknora
Vendors & Products Tencent
Tencent weknora

Sat, 07 Mar 2026 04:00:00 +0000

Type Values Removed Values Added
Description WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12.
Title WeKnora: SSRF via Redirection
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Tencent Weknora
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T20:54:27.857Z

Reserved: 2026-03-04T17:23:59.799Z

Link: CVE-2026-30247

cve-icon Vulnrichment

Updated: 2026-03-09T20:47:20.162Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-07T04:15:54.560

Modified: 2026-03-11T19:22:24.300

Link: CVE-2026-30247

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:00:10Z

Weaknesses