1. Home
  2. CVE Database
  3. CVE-2026-30859
MEDIUM · 5.3

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows an...

Vulnerability Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables (models, messages, embeddings), enabling unauthorized cross-tenant data access with user-level authentication privileges. This issue has been patched in version 0.2.12.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
TencentWeknora< 0.2.12

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2026-30859?

CVE-2026-30859 is a vulnerability with a CVSS score of 5.3 (MEDIUM). WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows an...

How severe is CVE-2026-30859?

CVE-2026-30859 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-30859?

Check the references section above for vendor advisories and patch information. Affected products include: Tencent Weknora.