216.73.216.170

CVE-2026-22687

· Published 10/01/2026 04:16 · Modified 10/01/2026 04:16

Labels: CVE-2026-22687 2026-01-10CVE-2026-22687CWE-89[email protected]

Essential information

Published
10/01/2026 04:16
Modified
10/01/2026 04:16
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
weknora / weknora cpe:2.3:a:weknora:weknora:<0.2.5:*:*:*:*:*:*:*

References