{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30857", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-05T21:27:35.342Z", "datePublished": "2026-03-07T16:33:45.566Z", "dateUpdated": "2026-03-09T18:24:26.835Z"}, "containers": {"cna": {"title": "WeKnora: Unauthorized Cross\u2011Tenant Knowledge Base Cloning", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f"}], "affected": [{"vendor": "Tencent", "product": "WeKnora", "versions": [{"version": "< 0.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:33:45.566Z"}, "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant\u2019s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0."}], "source": {"advisory": "GHSA-8rf9-c59g-f82f", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:52:20.654301Z", "id": "CVE-2026-30857", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:24:26.835Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30857", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T17:52:20.654301Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:52:21.649Z"}}], "cna": {"title": "WeKnora: Unauthorized Cross\u2011Tenant Knowledge Base Cloning", "source": {"advisory": "GHSA-8rf9-c59g-f82f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Tencent", "product": "WeKnora", "versions": [{"status": "affected", "version": "< 0.3.0"}]}], "references": [{"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f", "name": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant\u2019s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:33:45.566Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30857", "state": "PUBLISHED", "dateUpdated": "2026-03-09T18:24:26.835Z", "dateReserved": "2026-03-05T21:27:35.342Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-07T16:33:45.566Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F3180E7-F262-4100-96C2-4AB5730E75FF", "versionEndExcluding": "0.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant\u2019s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0."}, {"lang": "es", "value": "WeKnora es un framework impulsado por LLM dise\u00f1ado para la comprensi\u00f3n profunda de documentos y la recuperaci\u00f3n sem\u00e1ntica. Antes de la versi\u00f3n 0.3.0, una omisi\u00f3n de autorizaci\u00f3n entre inquilinos en el endpoint de copia de la base de conocimiento permite a cualquier usuario autenticado clonar (duplicar) la base de conocimiento de otro inquilino en su propio inquilino conociendo/adivinando el ID de la base de conocimiento de origen. Esto permite la exfiltraci\u00f3n masiva de datos (contenido de documentos/preguntas frecuentes) entre inquilinos. Este problema ha sido parcheado en la versi\u00f3n 0.3.0."}], "id": "CVE-2026-30857", "lastModified": "2026-03-09T17:34:19.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-07T17:15:53.370", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-8rf9-c59g-f82f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WeKnora", "source": "cna", "vendor": "Tencent"}, "product": "weknora", "vendor": "tencent"}], "analysis": {"en": {"generated_at": "2026-04-17T12:06:20.692209+00:00", "value": {"mitigation_remediation": ["Upgrade WeKnora to version 0.3.0 or later where the authorization bypass has been fixed.", "If immediate upgrade is not possible, restrict the clone endpoint so that only users with a designated administrator role can execute cloning operations, thereby enforcing strict role-based access control.", "Implement additional validation to ensure that knowledge base IDs supplied to the clone endpoint cannot be guessed or enumerated by ordinary users, such as requiring session\u2011specific tokens or random identifiers."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Data Exfiltration"}, "threat_synthesis": {"affected_systems": "All installations of WeKnora running a version prior to 0.3.0 are vulnerable. The product, Tencent WeKnora, includes this issue in every patch level below 0.3.0, while the defect has been rectified in the 0.3.0 release and later revisions.", "description_and_impact": "The vulnerability in Tencent\u2019s WeKnora framework allows any authenticated user to copy another tenant\u2019s knowledge base by supplying the source knowledge base ID. This function, intended for authorized duplicate creation, has been compromised so that a user can duplicate all documents, FAQs, and other content from a target tenant into their own tenant. As a result, confidential information may be replicated and transferred without permission, fundamentally breaching tenant isolation and confidentiality. The weakness is a classic authorization bypass (CWE-639), where user-provided identifiers are not validated against the user\u2019s privilege scope.", "risk_and_exploitability": "The CVSS score of 5.3 classifies the flaw as moderate severity, and the EPSS score of less than 1% indicates a very low probability of exploitation at the time of analysis. The flaw is not listed in CISA\u2019s KEV catalog, suggesting no publicly known exploit code. An attacker must be authenticated and must discover or guess a valid source knowledge base ID. Even with authentication, the potential for bulk data exfiltration remains, but the low likelihood of exploitation mitigates overall risk while still necessitating prompt patching."}}}}, "created": "2026-03-09T10:04:53.763055+00:00", "updated": "2026-04-17T12:15:18.164640+00:00", "vendors": ["tencent", "tencent$PRODUCT$weknora"]}