Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object operations and library loading capabilities, an unauthenticated attacker can achieve arbitrary code execution on the database server with database user privileges. This issue has been patched in version 0.2.12.
Published: 2026-03-07
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

A flaw in the database query component of the WeKnora framework allows an attacker to bypass SQL injection protection by exploiting uninspected child nodes in PostgreSQL array and row expressions. This enables smuggling dangerous PostgreSQL functions, chaining them with large object operations and library loading, which in turn grants arbitrary code execution on the database server with the rights of the database user. The weakness is a classic SQL injection flaw, categorized as CWE-89.

Affected Systems

The vulnerability affects Tencent's WeKnora, an LLM-powered document understanding and semantic retrieval platform. All installations running any version earlier than 0.2.12 are susceptible; version 0.2.12 and later contain the fix.

Risk and Exploitability

The issue carries a CVSS score of 10, indicating maximum severity, yet the EPSS score is less than 1%, suggesting low current exploitation probability. It is not listed in the CISA KEV catalog. Attackers could exploit the flaw via unauthenticated access to the application’s query interface; thus the likely vector is remote over the network. Successful exploitation would lead to uncontrolled code execution on the database server, jeopardizing confidentiality, integrity, and availability of all data managed by the system.

Generated by OpenCVE AI on April 16, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WeKnora to version 0.2.12 or newer to apply the vendor patch.
  • If an immediate upgrade is not feasible, isolate the WeKnora deployment by limiting external network access to only trusted internal hosts, thereby preventing unauthenticated attackers from reaching the vulnerable endpoint.
  • Monitor application and database logs for unexpected SQL queries, large object manipulations, or attempts to load dynamic libraries, and investigate any anomalies promptly.

Advisories
Source: Github GHSA
ID: GHSA-8w32-6mrw-q5wv
Title: WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
History

Mon, 09 Mar 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 17:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 10:15:00 +0000

Type: First Time appeared
Values Added: Tencent; Tencent weknora

Type: Vendors & Products
Values Added: Tencent; Tencent weknora

Sat, 07 Mar 2026 16:45:00 +0000

Type: Description
Values Added: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object operations and library loading capabilities, an unauthenticated attacker can achieve arbitrary code execution on the database server with database user privileges. This issue has been patched in version 0.2.12.

Type: Title
Values Added: WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

Type: Weaknesses
Values Added: CWE-89

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T18:24:08.315Z

Reserved: 2026-03-05T21:27:35.342Z

Link: CVE-2026-30860

Vulnrichment

Updated: 2026-03-09T17:58:54.585Z

NVD

Status: Analyzed

Published: 2026-03-07T17:15:53.823

Modified: 2026-03-09T17:35:41.243

Link: CVE-2026-30860

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:00:10Z

Weaknesses