CVE-2026-22687

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.5

Description WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Insufficient backend validation allows attackers to bypass query restrictions and obtain sensitive information from the target server and database when the Agent service is enabled. Specifically, prompt-based bypass techniques can be used to exploit this issue. The vulnerability stems from inadequate validation within the validateAndSecureSQL() function (lines 249–373 in /internal/agent/tools/database query.go) and the use of raw SQL execution without parameterized queries in the Execute() function (line 158 in /internal/agent/tools/database query.go). The vulnerable code does not adequately validate dangerous built-in PostgreSQL functions and fails to account for comments that can be used to bypass detection. An attacker can leverage this to execute unauthorized database queries via the POST /api/v1/agent-chat/{session id} API endpoint, potentially enumerating PostgreSQL server files and accessing data from other tenants. The variable session id is part of the vulnerable API endpoint.

Recommendations Update WeKnora to version 0.2.5 or later.