CVE-2026-22688
Published: 10 January 2026
Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.
Mitigating Controls (NIST 800-53 r5)
Directly prevents command injection by validating and sanitizing user-supplied inputs to stdio_config.command/args before subprocess execution.
Addresses the specific flaw in WeKnora prior to version 0.2.5 by requiring identification, reporting, and timely remediation through patching.
Limits the impact of injected commands by enforcing least privilege on authenticated users and server processes executing subprocesses.
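The input-validation control listed first above can be sketched as an operator-defined allowlist check that runs before any subprocess is spawned. This is an added example, not WeKnora's patch or code from the advisory; the `StdioConfig` type, the `ValidateStdioConfig` function and the package names in the policy are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// StdioConfig is a hypothetical stand-in for the stdio_config.command/args fields.
type StdioConfig struct {
	Command string
	Args    []string
}

// approved maps each permitted launcher to the server packages it may start.
// Constructed sample policy; an operator sets this, never the API caller.
var approved = map[string]map[string]bool{
	"npx": {"@example/mcp-docs": true},
	"uvx": {"example-mcp-search": true},
}

// ValidateStdioConfig rejects any command/args pair outside the approved policy.
func ValidateStdioConfig(cfg StdioConfig) error {
	pkgs, ok := approved[cfg.Command] // exact match: paths and unknown names fail here
	if !ok {
		return fmt.Errorf("command %q is not an approved launcher", cfg.Command)
	}
	if len(cfg.Args) == 0 || !pkgs[cfg.Args[0]] {
		return errors.New("first argument must be an approved server package")
	}
	for _, a := range cfg.Args {
		if strings.HasPrefix(a, "-") {
			return fmt.Errorf("option-style argument %q is not accepted from users", a)
		}
		if strings.IndexFunc(a, unicode.IsControl) >= 0 {
			return fmt.Errorf("argument %q contains control characters", a)
		}
	}
	return nil
}

func main() {
	samples := []StdioConfig{ // constructed inputs
		{Command: "npx", Args: []string{"@example/mcp-docs", "docs"}},
		{Command: "/bin/sh", Args: []string{"-c", "true"}},
		{Command: "npx", Args: []string{"-c", "true"}},
	}
	for _, s := range samples {
		fmt.Printf("%-8s %v -> %v\n", s.Command, s.Args, ValidateStdioConfig(s))
	}
}
```

Any launcher options the server itself needs would be added after validation by server code, so user input never supplies them.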
Security Summary
CVE-2026-22688 is a command injection vulnerability (CWE-77) affecting WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval. In versions prior to 0.2.5, the vulnerability enables authenticated users to inject malicious values into the stdio_config.command/args fields within MCP stdio settings. This injection causes the server to execute arbitrary subprocesses using the attacker-supplied values. The issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
An attacker with authenticated access to the WeKnora server can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By manipulating the stdio_config parameters, the attacker can execute arbitrary commands as the server process, achieving high-impact confidentiality, integrity, and availability violations. The changed scope (S:C) amplifies the risk, as successful exploitation allows control over subprocesses that could lead to full server takeover, data exfiltration, or further lateral movement.
The vulnerability has been addressed in WeKnora version 0.2.5, as detailed in the project's GitHub security advisory (GHSA-78h3-63c4-5fqc) and corresponding patch commit (f7900a5e9a18c99d25cec9589ead9e4e59ce04bb). Security practitioners should prioritize upgrading to the patched version and review access controls for authenticated users interacting with MCP stdio configurations.
As an LLM-powered framework, this vulnerability highlights risks in AI/ML pipelines where untrusted inputs can propagate to system-level execution, though no evidence of real-world exploitation is reported in available sources.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: llm, mcp
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection in a remotely accessible server enables exploitation of a public-facing application (T1190) or of remote services (T1210), facilitating arbitrary command execution (T1059).