CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora
Vulnerability ID: CVE-2026-30861
CVSS Score: 10.0
Published: 2026-03-07
Tencent WeKnora versions 0.2.5 through 0.2.9 contain a critical vulnerability in the Model Context Protocol (MCP) configuration logic. The application implements an incomplete argument blacklist for the stdio transport type, allowing attackers to bypass validation using Node.js execution flags. Since WeKnora permits unrestricted user registration by default, remote attackers can register an account, configure a malicious MCP service, and achieve arbitrary code execution with the privileges of the application process.
TL;DR
CVE-2026-30861 is a critical RCE vulnerability in Tencent WeKnora caused by an incomplete command blacklist in the MCP stdio transport validation. Attackers bypass restrictions using the Node.js -p flag via npx to execute arbitrary system commands. The vendor patched this in version 0.2.10 by completely removing the stdio transport feature.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-78, CWE-184
- Attack Vector: Network
- CVSS v3.1 Score: 10.0
- EPSS Score: 0.00209
- Impact: Remote Code Execution
- Exploit Status: poc
- CISA KEV: False
Affected Systems
- Tencent WeKnora
-
WeKnora: 0.2.5 - 0.2.9 (Fixed in:
0.2.10) -
WeKnora: 2.0.5 - 2.0.9 (Fixed in:
2.0.10)
Code Analysis
Commit: 57d6fea
Final patch disabling stdio transport type completely
Commit: f7900a5
Previous incomplete fix introducing the flawed blacklist
Exploit Details
- GitHub Security Advisory: Public PoC documenting the Node.js -p flag bypass
Mitigation Strategies
- Upgrade WeKnora to version 0.2.10 / 2.0.10 or later.
- Disable open user registration to prevent unauthenticated access to the API.
- Implement WAF rules to block requests containing
"transport_type": "stdio".
Remediation Steps:
- Verify the current running version of WeKnora via the application console or container tags.
- Backup the WeKnora database and configuration files.
- Deploy the updated container image or binary for version 0.2.10.
- Audit the
mcp_servicestable in the database and remove any unknown or suspicious service definitions. - Review access logs for unauthorized access to the
/api/v1/mcp-servicesendpoint.
References
- GitHub Security Advisory GHSA-r55h-3rwj-hcmg
- NVD Record for CVE-2026-30861
- OSV Entry for GHSA-r55h-3rwj-hcmg
Read the full report for CVE-2026-30861 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)