CVE-2026-30857
Received Received - Intake
Authorization Bypass in WeKnora Enables Cross-Tenant Data Exfiltration

Publication date: 2026-03-07

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant’s knowledge base into their own tenant by knowing/guessing the source knowledge base ID. This enables bulk data exfiltration (document/FAQ content) across tenants. This issue has been patched in version 0.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30857
EUVD
EUVD-2026-10180
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tencent weknora to 0.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to unauthorized disclosure and duplication of sensitive tenant data, including documents, FAQ content, and configuration details.

  • An attacker with low privileges but authenticated access can exfiltrate bulk data from other tenants.
  • Confidentiality of tenant data is severely compromised, though integrity and availability are not affected.
  • It can result in data breaches and loss of trust between tenants sharing the platform.
Compliance Impact

I don't know

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30857 is a Broken Access Control vulnerability in the Tencent WeKnora knowledge base system affecting versions prior to 0.3.0. It occurs in the knowledge base copy endpoint, where any authenticated user can clone another tenant’s knowledge base by providing the source knowledge base ID without proper authorization checks.'}, {'type': 'paragraph', 'content': "The vulnerability arises because the system does not verify if the source knowledge base belongs to the requesting user's tenant. The cloning process copies all data and configurations from the victim’s knowledge base into the attacker’s tenant, enabling unauthorized access and duplication of sensitive information."}] [1]

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring for unauthorized POST requests to the /api/v1/knowledge-bases/copy endpoint that include source knowledge base IDs (source_id) not belonging to the authenticated user's tenant."}, {'type': 'paragraph', 'content': 'Specifically, detection involves checking logs or network traffic for POST requests where an authenticated user attempts to clone knowledge bases from other tenants by supplying source_id values that do not match their tenant.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect such activity might include searching server logs or API gateway logs for suspicious POST requests. For example, using grep on server logs:'}, {'type': 'list_item', 'content': "grep 'POST /api/v1/knowledge-bases/copy' /path/to/access.log | grep 'source_id='"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unusual cloning activity or spikes in knowledge base duplication requests by authenticated users can help identify exploitation attempts.'}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the Tencent WeKnora system to version 0.3.0 or later, where this vulnerability has been patched.

Until the upgrade can be performed, restrict access to the /api/v1/knowledge-bases/copy endpoint to only trusted users or disable it if possible.

Implement additional monitoring and alerting for suspicious cloning requests that may indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30857. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart