CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora
Vulnerability ID: CVE-2026-30857
CVSS Score: 5.3
Published: 2026-03-06
WeKnora versions prior to 0.3.0 suffer from a Broken Object Level Authorization (BOLA) vulnerability in the knowledge base duplication endpoint. The vulnerability allows authenticated users to exfiltrate arbitrary knowledge bases across tenant boundaries by exploiting an insecure direct object reference during asynchronous cloning tasks.
TL;DR
An IDOR/BOLA vulnerability in WeKnora < 0.3.0 allows authenticated attackers to clone and exfiltrate other tenants' knowledge bases by providing a known or guessed UUID to the copy endpoint.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-639
- Attack Vector: Network (Authenticated)
- CVSS v3.1 Score: 5.3
- EPSS Score: 0.00028
- Exploit Status: Proof of Concept
- CISA KEV: Not Listed
Affected Systems
- WeKnora Knowledge Base Module (<= 0.2.14)
- WeKnora: < 0.3.0 (Fixed in: 0.3.0)
Mitigation Strategies
- Upgrade WeKnora to version 0.3.0 or later
- Implement strict tenant isolation checks in all repository data retrieval methods
- Do not rely solely on UUID complexity as a security control for object access
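To make the second and third mitigations concrete, here is an added Go example (written for this advisory, not WeKnora's own code; the type and function names are assumptions) that places the BOLA-prone lookup next to its tenant-scoped replacement and shows a copy handler that resolves the source through the scoped lookup before any clone is created:

```go
package main

import "errors"

// One error for both "no such object" and "owned by another tenant".
var ErrNotFound = errors.New("knowledge base not found")

// Stand-in for the stored object; field names are assumptions, not WeKnora's schema.
type KnowledgeBase struct{ ID, TenantID, Name string }

// In-memory repository keyed by knowledge base UUID.
type Repo struct{ byID map[string]KnowledgeBase }

func NewRepo(kbs ...KnowledgeBase) *Repo {
	r := &Repo{byID: map[string]KnowledgeBase{}}
	for _, kb := range kbs {
		r.byID[kb.ID] = kb
	}
	return r
}

// GetByID is the BOLA-prone lookup: a known or guessed UUID returns the object whichever tenant owns it.
func (r *Repo) GetByID(id string) (KnowledgeBase, error) {
	if kb, ok := r.byID[id]; ok {
		return kb, nil
	}
	return KnowledgeBase{}, ErrNotFound
}

// GetByIDForTenant is the hardened lookup: the tenant comes from the session, never the
// request body, and is part of the predicate, so a cross-tenant UUID looks like a missing one.
func (r *Repo) GetByIDForTenant(tenantID, id string) (KnowledgeBase, error) {
	if kb, ok := r.byID[id]; ok && kb.TenantID == tenantID {
		return kb, nil
	}
	return KnowledgeBase{}, ErrNotFound
}

// CopyKnowledgeBase models the copy handler after the fix: resolve the source through the
// tenant-scoped lookup before enqueuing any clone task, and clone under the caller's tenant.
func (r *Repo) CopyKnowledgeBase(callerTenant, sourceID, newID string) (KnowledgeBase, error) {
	src, err := r.GetByIDForTenant(callerTenant, sourceID)
	if err != nil {
		return KnowledgeBase{}, err
	}
	clone := KnowledgeBase{ID: newID, TenantID: callerTenant, Name: src.Name + " (copy)"}
	r.byID[newID] = clone
	return clone, nil
}
```

Returning the same error for "missing" and "foreign tenant" keeps the endpoint from acting as a UUID existence oracle.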
Remediation Steps:
- Verify the currently deployed version of WeKnora
- Pull the 0.3.0 release from the official Tencent GitHub repository
- Deploy the updated application and restart relevant API and worker services
- Review historical access logs for unauthorized /api/v1/knowledge-bases/copy requests