PT-2026-23854 · Weknora · Weknora

Aleister1102 · Published 2026-03-07 · Updated 2026-03-25 · CVE-2026-30861

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WeKnora versions 0.2.5 through 0.2.9
WeKnora version 0.2.10

Description
WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains an unauthenticated remote code execution (RCE) issue in the MCP stdio configuration validation. The application permits unrestricted user registration, allowing attackers to create accounts and exploit a command injection flaw. Despite the implementation of command whitelists (npx, uvx) and argument/environment variable blacklists, the validation can be bypassed using the -p flag with npx node. This enables attackers to execute arbitrary commands with the application's privileges, potentially leading to complete system compromise. The vulnerable code flow involves the ValidateStdioConfig() and ValidateStdioArgs() functions, where the -p flag is not blocked in the DangerousArgPatterns regex list, allowing execution of JavaScript payloads via npx node -p <payload>. The issue was silently patched in version 0.2.10, without a public CVE or security advisory, potentially leaving customers unaware.

Recommendations
Upgrade to WeKnora version 0.2.10 or later.
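As an added illustration, not WeKnora's own code, the following Go checker shows the defensive shape that closes the gap described above: instead of blacklisting dangerous argument patterns, it pins the position of the package argument and allowlists what may appear there, so a runner flag such as -p can never occupy that slot. The function name, the tolerated runner flags and the interpreter list are assumptions for this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed example for this advisory, not WeKnora's own code. The advisory
// describes an allowlist of runner commands (npx, uvx) paired with an argument
// blacklist that missed -p, so `npx node -p <js>` passed validation. A blacklist
// rejects only what its authors anticipated; this checker instead pins the
// position of the package argument and allowlists what may appear there.

var allowedCommands = map[string]bool{"npx": true, "uvx": true}
var runnerFlags = map[string]bool{"-y": true, "--yes": true} // tolerated before the package (hypothetical)
// Interpreters: running one "as a package" turns the runner into an arbitrary-code launcher (hypothetical list).
var interpreterPackages = map[string]bool{"node": true, "python": true, "sh": true, "bash": true}
// Package spec: optional @scope/, a name, optional @version.
var packageSpec = regexp.MustCompile(`^(@[a-z0-9][a-z0-9._-]*/)?[a-z0-9][a-z0-9._-]*(@[A-Za-z0-9._^~-]+)?$`)
// Arguments passed on to the package itself: plain tokens only.
var safeArg = regexp.MustCompile(`^[A-Za-z0-9._/@:=,-]+$`)

// checkStdioConfig returns nil only when command and args fit the allowlist.
func checkStdioConfig(command string, args []string) error {
	if !allowedCommands[command] {
		return fmt.Errorf("command %q is not allowed", command)
	}
	i := 0
	for i < len(args) && runnerFlags[args[i]] {
		i++
	}
	if i == len(args) {
		return fmt.Errorf("no package name among %d argument(s)", len(args))
	}
	// The token here must be a package spec; a flag such as -p never matches it.
	pkg := args[i]
	if !packageSpec.MatchString(pkg) {
		return fmt.Errorf("invalid package spec %q", pkg)
	}
	if interpreterPackages[pkg] {
		return fmt.Errorf("package %q is an interpreter and is not allowed", pkg)
	}
	for _, a := range args[i+1:] {
		if !safeArg.MatchString(a) {
			return fmt.Errorf("argument %q contains disallowed characters", a)
		}
	}
	return nil
}
```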

Tags: Exploit, Fix, RCE, OS Command Injection

Related Identifiers

CVE-2026-30861
GHSA-R55H-3RWJ-HCMG
GO-2026-4645
SUSE-SU-2026:1042-1

Affected Products

Weknora