LeakyCreds

CVE-2026-30860 - Vulnerability Analysis

Severity: Critical, CVSS: 9.9

Last Updated: March 7, 2026

WeKnora - SQL Injection

Published: March 7, 2026 | Updated: March 7, 2026 | Remote Exploitable

Overview

WeKnora < 0.2.12 contains a SQL injection caused by insufficient validation of child nodes in PostgreSQL array and row expressions, letting unauthenticated attackers execute arbitrary code on the database server with database user privileges.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 7.7% (Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary code on the database server with database user privileges, risking full database compromise.

Mitigation

Upgrade to version 0.2.12 or later.

Social Media Activity (5 posts)

TheHackerWire
@thehackerwire
Mar 8, 2026

🔓 CVE-2026-30860 - Critical (9.9) WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation syst... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30860/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Yazoul Alerts
@Matchbook3469
Mar 8, 2026

🔓 New security advisory: CVE-2026-30860 affects multiple systems. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-30860 #Cybersecurity #VulnerabilityManagement #CyberSec

Offensive Sequence
@offseq
Mar 8, 2026

⚠️ CRITICAL: Tencent WeKnora (<0.2.12) hit by CVE-2026-30860 — SQLi in PostgreSQL array/row parsing enables unauthenticated RCE. Patch to 0.2.12 ASAP. Restrict DB rights and monitor logs. https://radar.offseq.com/threat/cve-2026-30860-cwe-89-improper-neutralization-of-s-90c4d0a6 #OffSeq #SQLInjection #InfoSec

TheHackerWire
@thehackerwire
Mar 8, 2026

🔓 CVE-2026-30860 - Critical (9.9) WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation syst... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30860/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Offensive Sequence
@offseq
Mar 8, 2026

⚠️ CRITICAL: Tencent WeKnora (<0.2.12) hit by CVE-2026-30860 — SQLi in PostgreSQL array/row parsing enables unauthenticated RCE. Patch to 0.2.12 ASAP. Restrict DB rights and monitor logs. https://radar.offseq.com/threat/cve-2026-30860-cwe-89-improper-neutralization-of-s-90c4d0a6 #OffSeq #SQLInjection #InfoSec

Details

CVE ID: CVE-2026-30860
Severity: Critical
CVSS Score: 9.9
Type: sql_injection
Status: new
EPSS: 7.7%
Social Posts: 5

CWE

  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

7.7% (Probability of exploitation in the next 30 days)