pkg:Go/github.com/Tencent/WeKnora

20 total CVEsCRITICAL8HIGH4MEDIUM8

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-30861WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
    >= 0.2.6, < 0.2.10
  • CRITICAL10.0CVE-2026-30861WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation
    >= 0.2.5, < 0.2.10
  • CRITICAL10.0CVE-2026-30860WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
    from 0
  • CRITICAL10.0CVE-2026-30860WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
    from 0, < 0.2.12
  • CRITICAL9.9CVE-2026-22688WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
    from 0, < 0.2.5
  • CRITICAL9.9CVE-2026-22688WeKnora has Command Injection in MCP stdio test in github.com/Tencent/WeKnora
    from 0, < 0.2.5
  • CRITICAL9.8CVE-2026-30855WeKnora Vulnerable to Broken Access Control in Tenant Management
    from 0, < 0.3.2
  • CRITICAL9.8CVE-2026-30855WeKnora Vulnerable to Broken Access Control in Tenant Management
    from 0, < 0.3.1
  • HIGH7.5CVE-2026-30859WeKnora has Broken Access Control - Cross-Tenant Data Exposure
    from 0, < 0.2.12
  • HIGH7.5CVE-2026-30859WeKnora has Broken Access Control - Cross-Tenant Data Exposure
    from 0
  • HIGH7.5CVE-2026-30858WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
    from 0, < 0.3.0
  • HIGH7.5CVE-2026-30858WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources
    from 0
  • MEDIUM5.9CVE-2026-30857WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
    from 0, < 0.3.0
  • MEDIUM5.9CVE-2026-30857WeKnora has Unauthorized Cross‑Tenant Knowledge Base Cloning
    from 0
  • MEDIUM5.9CVE-2026-30247WeKnora is Vulnerable to SSRF via Redirection
    from 0, < 0.2.12
  • MEDIUM5.9CVE-2026-30247WeKnora is Vulnerable to SSRF via Redirection
    from 0, < 0.2.12
  • MEDIUM5.6CVE-2026-22687WeKnora vulnerable to SQL Injection
    from 0, < 0.2.5
  • MEDIUM5.6CVE-2026-22687WeKnora vulnerable to SQL Injection
    from 0, < 0.2.5
  • MEDIUM5.4CVE-2026-30856WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
    from 0
  • MEDIUM5.4CVE-2026-30856WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
    from 0, < 0.3.0