{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30858", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-05T21:27:35.342Z", "datePublished": "2026-03-07T16:34:28.528Z", "dateUpdated": "2026-03-09T18:24:21.174Z"}, "containers": {"cna": {"title": "WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp"}], "affected": [{"vendor": "Tencent", "product": "WeKnora", "versions": [{"version": "< 0.3.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:34:28.528Z"}, "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0."}], "source": {"advisory": "GHSA-h6gw-8f77-mmmp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:52:18.600146Z", "id": "CVE-2026-30858", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:24:21.174Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30858", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-09T17:52:18.600146Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:52:19.590Z"}}], "cna": {"title": "WeKnora: DNS Rebinding Vulnerability in web_fetch Tool Allows SSRF to Internal Resources", "source": {"advisory": "GHSA-h6gw-8f77-mmmp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Tencent", "product": "WeKnora", "versions": [{"status": "affected", "version": "< 0.3.0"}]}], "references": [{"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp", "name": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-07T16:34:28.528Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30858", "state": "PUBLISHED", "dateUpdated": "2026-03-09T18:24:21.174Z", "dateReserved": "2026-03-05T21:27:35.342Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-07T16:34:28.528Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F3180E7-F262-4100-96C2-4AB5730E75FF", "versionEndExcluding": "0.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0."}, {"lang": "es", "value": "WeKnora es un framework impulsado por LLM dise\u00f1ado para la comprensi\u00f3n profunda de documentos y la recuperaci\u00f3n sem\u00e1ntica. Antes de la versi\u00f3n 0.3.0, una vulnerabilidad de reencuadernaci\u00f3n de DNS en la herramienta web_fetch permite a un atacante no autenticado eludir la validaci\u00f3n de URL y acceder a recursos internos en el servidor, incluyendo direcciones IP privadas (p. ej., 127.0.0.1, 192.168.x.x). Al crear un dominio malicioso que se resuelve a una IP p\u00fablica durante la validaci\u00f3n y posteriormente se resuelve a una IP privada durante la ejecuci\u00f3n, un atacante puede acceder a servicios locales sensibles y potencialmente exfiltrar datos. Este problema ha sido parcheado en la versi\u00f3n 0.3.0."}], "id": "CVE-2026-30858", "lastModified": "2026-03-09T17:34:39.527", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-07T17:15:53.523", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.3.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "WeKnora", "source": "cna", "vendor": "Tencent"}, "product": "weknora", "vendor": "tencent"}], "analysis": {"en": {"generated_at": "2026-04-16T10:46:25.662229+00:00", "value": {"mitigation_remediation": ["Upgrade to the patched release 0.3.0 or later to eliminate the DNS rebinding flaw.", "Restrict outbound DNS queries from the web_fetch component to known safe domains or implement a firewall rule that blocks access to private IP ranges from the application layer.", "Disable the web_fetch tool or remove it from the production environment if an immediate upgrade is not possible, and monitor for any SSRF\u2011related request patterns."], "summary": {"action": "Patch to 0.3.0", "impact": "Unauthorized internal resource access via SSRF (DNS rebinding)"}, "threat_synthesis": {"affected_systems": "Tencent\u2019s WeKnora framework, all releases before version\u202f0.3.0, employs this web_fetch tool without a protective check. The flaw affects any installation of WeKnora where the tool is enabled, regardless of the host platform, because DNS rebinding can be triggered by an external party with nothing more than a crafted domain.", "description_and_impact": "The vulnerability is a DNS rebinding flaw in the web_fetch component of WeKnora that lets an unauthenticated attacker bypass URL validation. By submitting a domain that maps to a public IP during validation and to a private IP during execution, the attacker can activate server\u2011side request forgery and retrieve data from internal services such as 127.0.0.1 or 192.168.x.x. This breach can expose sensitive information and compromise the confidentiality of the internal network. The weakness maps to CWE\u2011918, reflecting a failure to validate or restrict network requests.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates a moderate severity that could lead to data exposure. The EPSS value of less than 1\u202f% suggests that, as of now, the probability of mass exploitation is low, and the vulnerability is not recorded in the CISA KEV list. Nonetheless, the attack requires only creation of a malicious domain and no additional privileged access, making it accessible to a broad threat set. If compromised, an attacker could pivot to internal services or extract data, so the risk remains significant for environments that expose WeKnora to the internet."}}}}, "created": "2026-03-09T10:04:52.947189+00:00", "updated": "2026-04-16T11:00:10.626686+00:00", "vendors": ["tencent", "tencent$PRODUCT$weknora"]}