Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.
Published: 2026-03-07
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

An unauthenticated user can exploit a command injection flaw in the MCP stdio configuration validation of WeKnora, allowing arbitrary command execution with the service’s privileges and leading to full system compromise. This flaw arises from the framework’s open registration process combined with a flawed whitelist that can be bypassed using the –p flag with npx node. The weakness aligns with CWE‑78: OS Command Injection.

Affected Systems

Tencent WeKnora versions 0.2.5 through 0.2.9 are affected. The vulnerability was fixed in version 0.2.10.

Risk and Exploitability

The CVSS v3.1 score of 10 denotes critical severity, but the EPSS score of less than 1% indicates that, as of the last assessment, the probability of exploitation is very low. Nevertheless, because the flaw allows unauthenticated registration and command execution, attackers can achieve complete compromise immediately. The vulnerability is not listed in the CISA KEV catalog, yet unpatched systems remain at high risk until updated.

Generated by OpenCVE AI on April 16, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to WeKnora 0.2.10 or later, which removes the vulnerable configuration handling.
  • Disable unauthenticated user registration or implement strong access controls to prevent account creation by unknown users before patching.
  • Apply network segmentation or firewall rules to limit the scope of any potential commands executed by the service.

Generated by OpenCVE AI on April 16, 2026 at 10:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-r55h-3rwj-hcmg WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
History

Mon, 09 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*

Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Tencent
Tencent weknora
Vendors & Products Tencent
Tencent weknora

Sat, 07 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.
Title WeKnora: Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Tencent Weknora
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T18:24:00.815Z

Reserved: 2026-03-05T21:27:35.342Z

Link: CVE-2026-30861

cve-icon Vulnrichment

Updated: 2026-03-09T17:58:52.303Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-07T17:15:53.980

Modified: 2026-03-09T17:35:56.647

Link: CVE-2026-30861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T11:00:10Z

Weaknesses