CVE-2026-30855

HighPublic PoC

Published: 07 March 2026

Published

07 March 2026

Modified

09 March 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.7th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID.…

Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

AC-3 enforces approved authorizations for access to system resources, directly preventing the authorization bypass allowing any authenticated user to manage any tenant.

AC-6 Least Privilege good match

prevent

AC-6 applies least privilege to restrict users to their own tenant resources only, mitigating cross-tenant takeover and destruction.

AC-24 Access Control Decisions good match

prevent

AC-24 requires explicit access control decisions for resources by role or personnel, addressing the failure to authorize tenant management operations properly.

Security SummaryAI

CVE-2026-30855 is an authorization bypass vulnerability (CWE-284) in the tenant management endpoints of WeKnora, an LLM-powered framework designed for deep document understanding and semantic retrieval. It affects WeKnora versions prior to 0.3.2 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

The vulnerability allows any authenticated user to read, modify, or delete any tenant by ID, bypassing proper authorization checks. Since account registration is open to the public, unauthenticated attackers can register an account and immediately exploit the issue, enabling cross-tenant account takeover and destruction with critical consequences.

The vulnerability has been patched in WeKnora version 0.3.2. Additional details are available in the GitHub security advisory at https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q.

As an LLM-powered framework, CVE-2026-30855 highlights risks in multi-tenant AI/ML systems for semantic retrieval and document understanding.

Details

CWE(s): CWE-284

Affected Products

tencent

weknora

≤ 0.3.2

AI Security AnalysisAI

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: llm

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Authorization bypass in public-facing tenant management endpoints of WeKnora web framework directly enables exploitation of public-facing applications for unauthorized read/modify/delete access to any tenant.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q
Exploit, Vendor Advisory · security-advisories@github.com