DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-30859: CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora

#security #cve #cybersecurity

CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora

Vulnerability ID: CVE-2026-30859
CVSS Score: 7.5
Published: 2026-03-06

Tencent WeKnora versions prior to 0.2.12 contain a critical broken access control vulnerability in the SQL validation middleware. A configuration mismatch permits authenticated tenants to bypass row-level security and query protected tables. This flaw enables cross-tenant exfiltration of third-party LLM API keys, private messages, and proprietary model configurations.

TL;DR

A logic error in WeKnora's database querying tool allows authenticated users to read sensitive tables (models, messages, embeddings) belonging to other tenants. Attackers can leverage the AI agent to dump third-party API keys and conversation histories in cleartext.

⚠️ Exploit Status: POC

Technical Details

  • CVSS Score: 7.5
  • Attack Vector: Network
  • Privileges Required: Low
  • CWE ID: CWE-284
  • Exploit Status: PoC Available
  • EPSS Score: 0.00037
  • Impact: High Confidentiality Loss

Affected Systems

  • Tencent WeKnora
  • Tencent WeKnora: < 0.2.12 (Fixed in: 0.2.12)

Code Analysis

Commit: 90ebd49

Table alignment and removal of sensitive tables from allowlist

Commit: 01d1aea

Implement recursive SQL AST validation

Mitigation Strategies

  • Upgrade Tencent WeKnora to version 0.2.12 or higher.
  • Implement proactive log monitoring for the database_query tool access.
  • Enforce fail-closed design principles for multi-tenant database isolation.

Remediation Steps:

  1. Pull the latest Docker image or source code for WeKnora v0.2.12.
  2. Apply the database migrations if required by the new release.
  3. Restart the WeKnora service to load the updated internal/utils/inject.go logic.
  4. Rotate any OpenAI or Anthropic API keys that were provisioned in the application prior to the patch.
  5. Audit database logs for queries executing SELECT * FROM models or messages without a tenant filter.

References

Read the full report for CVE-2026-30859 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)