PT-2026-2242 · Weknora · Weknora

Im-Soohyun · Published 2026-01-09 · Updated 2026-03-07

CVE-2026-22688

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.5

Description: WeKnora is an LLM-powered framework for deep document understanding and semantic retrieval. In versions prior to 0.2.5, an authenticated user can supply arbitrary values for the command and args fields of an MCP server's stdio configuration (stdio config.command/args), and the server hands those values directly to a subprocess launcher when the service is exercised through the API endpoint /api/v1/mcp-services/{id}/test. Because the attacker chooses the executable itself, not merely an argument interpolated into a fixed command line, shell-metacharacter filtering would not help: any program present on the host can be launched with attacker-chosen arguments. The root causes are missing validation of the stdio config.command/args parameters, a trust-boundary violation in which user-supplied configuration data flows unchanged into the execution path, and the absence of an authorization check on who may trigger a spawn. A proof of concept runs commands such as 'id' and 'uname -a' on the server and writes a marker file, /tmp/RCE ok.txt, to demonstrate execution. The spawned process inherits the privileges and environment of the WeKnora server process, so successful exploitation yields remote code execution and information disclosure and, depending on the deployment, may enable privilege escalation or lateral movement.

Recommendations: Update WeKnora to version 0.2.5 or later. Until the upgrade is applied, restrict which accounts can create or test MCP services, since any authenticated account can reach the affected endpoint.
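The two defects the description names, configuration data flowing straight into process execution and no authorization check in front of it, are easiest to see side by side in code. The following Go program is an added example written for this page, not WeKnora's code and not the 0.2.5 fix. The StdioConfig and Caller types, the allowlisted launcher paths under /opt/mcp/bin, and the "admin" role are all assumptions made for the illustration. vulnerableSpawn shows the pattern the advisory describes; hardenedSpawn adds the checks that pattern lacks.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"unicode"
)

// StdioConfig is the user-controlled part of an MCP stdio transport:
// the program to launch and its arguments. Field names are this
// example's assumption, not WeKnora's own types.
type StdioConfig struct {
	Command string   `json:"command"`
	Args    []string `json:"args"`
}

// Caller identifies who is hitting the test endpoint. The Role field is
// a stand-in for whatever authorization data a real deployment carries.
type Caller struct {
	UserID string
	Role   string // "admin" or "user" (assumed roles)
}

// vulnerableSpawn is the pattern the advisory describes: whatever the
// caller put in command/args is handed to exec.Command unchanged, so a
// request naming any binary on the host launches it with the server's
// privileges. It returns the prepared *exec.Cmd instead of starting it.
func vulnerableSpawn(cfg StdioConfig) *exec.Cmd {
	return exec.Command(cfg.Command, cfg.Args...)
}

// allowedLaunchers maps the only names a request may use to the absolute
// path the server will actually execute. This is operator-owned
// configuration, never writable through the API. Paths are hypothetical.
var allowedLaunchers = map[string]string{
	"mcp-filesystem-server": "/opt/mcp/bin/mcp-filesystem-server",
	"mcp-git-server":        "/opt/mcp/bin/mcp-git-server",
}

var (
	ErrForbidden         = errors.New("mcp stdio: caller may not spawn processes")
	ErrCommandNotAllowed = errors.New("mcp stdio: command not in allowlist")
	ErrBadArgument       = errors.New("mcp stdio: argument rejected")
)

const (
	maxArgs   = 16
	maxArgLen = 256
)

// validateArg rejects arguments that have no business in a launcher
// invocation: empty strings, oversized values, and control characters
// (a NUL truncates the argv entry at execve; newlines corrupt audit logs).
func validateArg(a string) error {
	if a == "" || len(a) > maxArgLen {
		return fmt.Errorf("%w: empty or too long", ErrBadArgument)
	}
	for _, r := range a {
		if unicode.IsControl(r) {
			return fmt.Errorf("%w: control character in %q", ErrBadArgument, a)
		}
	}
	return nil
}

// hardenedSpawn applies, before any process is prepared, the checks the
// vulnerable path lacks: an authorization check on the caller, an exact
// match of Command against the allowlist (so "/tmp/x/mcp-git-server" or
// "sh" never resolves), argument validation, and a caller-supplied
// context so the child can be bounded in time. The Cmd is not started.
func hardenedSpawn(ctx context.Context, c Caller, cfg StdioConfig) (*exec.Cmd, error) {
	if c.Role != "admin" {
		return nil, fmt.Errorf("%w: user %s", ErrForbidden, c.UserID)
	}
	path, ok := allowedLaunchers[cfg.Command]
	if !ok {
		return nil, fmt.Errorf("%w: %q", ErrCommandNotAllowed, cfg.Command)
	}
	if len(cfg.Args) > maxArgs {
		return nil, fmt.Errorf("%w: too many arguments", ErrBadArgument)
	}
	for _, a := range cfg.Args {
		if err := validateArg(a); err != nil {
			return nil, err
		}
	}
	cmd := exec.CommandContext(ctx, path, cfg.Args...)
	cmd.Env = []string{"PATH=/usr/bin:/bin"} // do not leak the server's environment
	return cmd, nil
}

func main() {
	// Constructed request of the kind the advisory describes.
	evil := StdioConfig{Command: "sh", Args: []string{"-c", "id > /tmp/out"}}
	fmt.Println("vulnerable path would run:", vulnerableSpawn(evil).Args)

	ok := StdioConfig{Command: "mcp-git-server", Args: []string{"--repo", "/srv/repo"}}
	for _, tc := range []struct {
		c   Caller
		cfg StdioConfig
	}{
		{Caller{"u1", "user"}, ok},
		{Caller{"a1", "admin"}, evil},
		{Caller{"a1", "admin"}, ok},
	} {
		cmd, err := hardenedSpawn(context.Background(), tc.c, tc.cfg)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("hardened path would run:", cmd.Path, cmd.Args[1:])
	}
}
```

The allowlist is keyed on the exact request string and maps to a fixed absolute path, so neither a basename trick nor a PATH manipulation changes what executes. Argument validation is deliberately narrow: which arguments a given launcher should accept is a per-launcher policy decision, and a launcher that can itself run arbitrary code (an interpreter, a package runner) should not be on the list at all. In production the context passed in should carry a deadline and the child should run under a dedicated low-privilege account or container.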

Exploit · Fix · RCE · Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-22688
GHSA-78H3-63C4-5FQC
GO-2026-4292
SUSE-SU-2026:0142-1

Affected Products

Weknora