CVE-2026-30861 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: March 9, 2026
WeKnora - Command Injection
Overview
WeKnora 0.2.5 to < 0.2.10 contains a command injection caused by bypassing MCP stdio configuration validation with the -p flag in npx node, letting unauthenticated attackers execute arbitrary commands remotely, exploit requires user registration.
Severity & Score
Impact
Unauthenticated attackers can execute arbitrary commands with application privileges, leading to full system compromise.
Mitigation
Upgrade to version 0.2.10 or later.
Social Media Activity(3 posts)
š“ CVE-2026-30861 - Critical (9.9) WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration va... š https://www.thehackerwire.com/vulnerability/CVE-2026-30861/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
ā ļø CRITICAL: Tencent WeKnora (0.2.5 ā 0.2.9) hit by unauthenticated RCE (CVE-2026-30861) ā attackers bypass command validation using npx - p node. Patch to 0.2.10 ASAP! https://radar.offseq.com/threat/cve-2026-30861-cwe-78-improper-neutralization-of-s-94bf2228 #OffSeq #Vulnerability #RCE #Tencent
View original postšØ CRITICAL CVE-2026-30861: Tencent WeKnora (0.2.5 ā 0.2.9) OS command injection enables unauth RCE ā full system compromise possible. Patch to 0.2.10 now! More info: https://radar.offseq.com/threat/cve-2026-30861-cwe-78-improper-neutralization-of-s-94bf2228 #OffSeq #RCE #Vulnerability #InfoSec
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30861
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- command_injection
- Status
- confirmed
- EPSS
- 20.9%
- Social Posts
- 3
CWE
- CWE-78
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H