CVE-2026-30858
Received Received - Intake
DNS Rebinding in WeKnora Web_Fetch Enables Internal Resource Access

Publication date: 2026-03-07

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-30858
EUVD
EUVD-2026-10181
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tencent weknora to 0.3.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30858 is a DNS rebinding vulnerability in the web_fetch tool of the Tencent/WeKnora project, affecting versions prior to 0.3.0. It allows an unauthenticated attacker to bypass URL validation and access internal server resources by exploiting a time-of-check-to-time-of-use (TOCTOU) flaw.

During URL validation, the tool resolves the domain to a public IP address, which passes the check. However, when fetching content, the headless browser component independently resolves the domain again, which can then resolve to a private IP address. This mismatch enables the attacker to access sensitive internal services that should be protected.

The attacker achieves this by controlling a malicious domain that initially resolves to a public IP during validation and then to a private IP during execution, effectively bypassing the security check.

Impact Analysis

This vulnerability can lead to unauthorized access to internal server resources, including private IP addresses such as 127.0.0.1 and 192.168.x.x.

An attacker can exploit this to retrieve sensitive data from internal services, configuration files, and metadata endpoints like AWS IMDSv1.

The impact includes potential disclosure of credentials and secrets, which can compromise the confidentiality of your system.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting a DNS rebinding attack simulation against the web_fetch tool in WeKnora versions prior to 0.3.0. A proof-of-concept involves setting up a DNS rebinding server that returns a public IP on the first DNS query and a private IP (such as 127.0.0.1) on subsequent queries with TTL set to zero to prevent caching.

You can run a local HTTP server on the backend (for example, using Python) to check if the web_fetch tool fetches content from internal services when given a malicious domain.

  • Set up a local HTTP server: python -m http.server 8888
  • Configure a DNS rebinding server to respond with a public IP initially and then a private IP (e.g., 127.0.0.1) on subsequent queries.

Monitor network traffic for unexpected requests from the web_fetch tool to private IP addresses after DNS resolution.

Mitigation Strategies

The immediate mitigation step is to upgrade the WeKnora framework to version 0.3.0 or later, where this DNS rebinding vulnerability in the web_fetch tool has been patched.

Until the upgrade is applied, restrict or monitor the usage of the web_fetch tool to prevent it from accessing untrusted URLs that could exploit DNS rebinding.

Implement network-level protections such as firewall rules to block unauthorized access to internal IP addresses from the application.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30858. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart