CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora
Vulnerability ID: CVE-2026-30858
CVSS Score: 7.5
Published: 2026-03-06
Tencent WeKnora versions prior to 0.3.0 contain a high-severity (CVSS 7.5) Server-Side Request Forgery (SSRF) vulnerability caused by incomplete DNS pinning in the web_fetch tool. In a DNS rebinding attack the hostname passes URL validation because the DNS answer checked is a public address, while the connection that follows resolves the name again and receives an attacker-chosen internal address. This lets an unauthenticated attacker bypass the URL validation and reach restricted internal network resources.
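The following Go example is added here to illustrate the vulnerability class; it is not WeKnora's code and makes no claim about what internal/agent/tools/web_fetch.go actually contains. It contrasts the incomplete pattern (validate the name, then let the HTTP client resolve it again when dialing) with a pinned fetcher that resolves once, vets every answer, and forces the dialer to the vetted IP. The hostname, the addresses 203.0.113.10 and 127.0.0.1, the `Resolver` type and the `rebindingResolver` fake are all constructed for the example so it runs offline.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Resolver is the DNS lookup used by both flows. A fake is injected below so
// the example runs offline and can simulate an attacker-controlled zone.
type Resolver func(ctx context.Context, host string) ([]net.IP, error)

// isDisallowedIP reports whether ip is in a range a server-side fetcher must
// never reach: loopback, RFC 1918 / ULA private, link-local (which covers the
// 169.254.169.254 cloud metadata address), unspecified or multicast.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// vetHost resolves host once and rejects it if any answer is disallowed.
func vetHost(ctx context.Context, host string, resolve Resolver) ([]net.IP, error) {
	ips, err := resolve(ctx, host)
	if err != nil {
		return nil, err
	}
	if len(ips) == 0 {
		return nil, fmt.Errorf("no addresses for %q", host)
	}
	for _, ip := range ips {
		if isDisallowedIP(ip) {
			return nil, fmt.Errorf("host %q resolves to disallowed address %s", host, ip)
		}
	}
	return ips, nil
}

// vulnerableConnectAddr is the incomplete-pinning pattern: the name is vetted,
// then the HTTP client resolves it AGAIN when it dials. With a short TTL the
// attacker's second answer is the address that actually gets connected.
func vulnerableConnectAddr(ctx context.Context, rawURL string, resolve Resolver) (net.IP, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	if _, err := vetHost(ctx, u.Hostname(), resolve); err != nil {
		return nil, err // first lookup: attacker serves a public IP, check passes
	}
	ips, err := resolve(ctx, u.Hostname()) // second lookup: what the dialer does
	if err != nil {
		return nil, err
	}
	return ips[0], nil
}

// newPinnedClient resolves once, vets every answer, and returns an http.Client
// whose dialer connects to the vetted address no matter what DNS says later.
// Redirects are not followed automatically: each Location must be re-vetted
// and re-pinned by the caller through this same function.
func newPinnedClient(ctx context.Context, rawURL string, resolve Resolver) (*http.Client, string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, "", err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, "", fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	ips, err := vetHost(ctx, u.Hostname(), resolve)
	if err != nil {
		return nil, "", err
	}
	port := u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[u.Scheme]
	}
	pinned := net.JoinHostPort(ips[0].String(), port)
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	transport := &http.Transport{
		// Ignore the hostname the client passes in; dial the vetted address.
		// TLS still uses the request's hostname for SNI and certificate checks.
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return dialer.DialContext(ctx, network, pinned)
		},
		TLSHandshakeTimeout: 10 * time.Second,
	}
	client := &http.Client{
		Transport: transport,
		Timeout:   30 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
	return client, pinned, nil
}

// rebindingResolver simulates an attacker-controlled zone (constructed): the
// first answer is a public address so the check passes; later answers point at
// the internal address the attacker actually wants reached.
func rebindingResolver(public, internal net.IP) Resolver {
	calls := 0
	return func(_ context.Context, _ string) ([]net.IP, error) {
		calls++
		if calls == 1 {
			return []net.IP{public}, nil
		}
		return []net.IP{internal}, nil
	}
}

func main() {
	ctx := context.Background()
	public, internal := net.ParseIP("203.0.113.10"), net.ParseIP("127.0.0.1")
	target := "https://attacker.example/x" // constructed name, never resolved for real

	got, _ := vulnerableConnectAddr(ctx, target, rebindingResolver(public, internal))
	fmt.Println("vulnerable flow connects to:", got)

	_, pinned, _ := newPinnedClient(ctx, target, rebindingResolver(public, internal))
	fmt.Println("pinned flow connects to:", pinned)
}
```

The pinned client is only as good as the dialer override: any other code path that issues requests (a redirect follower, a proxy, an image fetcher) must go through the same resolve-vet-pin step, which is why redirects are returned to the caller instead of followed. Vetting every answer rather than the first one also closes the variant where a name returns one public and one private record.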
TL;DR
Unauthenticated SSRF in WeKnora < 0.3.0 via DNS rebinding allows access to internal network resources. Fixed in 0.3.0.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-918
- Attack Vector: Network
- CVSS v3.1: 7.5 (High)
- EPSS Score: 0.00075
- Impact: Information Disclosure / SSRF
- Exploit Status: Proof of Concept
Affected Systems
- Tencent WeKnora web_fetch tool
- internal/agent/tools/web_fetch.go
- Tencent WeKnora: < 0.3.0 (fixed in 0.3.0)
Code Analysis
Commit: 2b3f76e
Fix SSRF via DNS Rebinding in web_fetch tool
Mitigation Strategies
- Upgrade WeKnora to version 0.3.0 or higher.
- Implement strict egress network filtering on the WeKnora host to block access to private CIDR blocks and cloud metadata APIs.
- Isolate components that fetch external web content in restricted network namespaces.
Remediation Steps:
- Verify current WeKnora version in deployment.
- Pull the latest version (0.3.0 or later) from the official repository.
- Deploy the updated application and monitor logs for application stability.
- Validate the fix by attempting a simulated DNS rebinding attack against the updated instance.
References
- GitHub Advisory: GHSA-h6gw-8f77-mmmp
- Official Fix Commit
- NVD Record for CVE-2026-30858
- CVE.org Record for CVE-2026-30858