CVE-2026-30859
Broken Access Control in WeKnora Allows Cross-Tenant Data Exposure
Publication date: 2026-03-07
Last updated on: 2026-03-09
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tencent | weknora | to 0.2.12 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-30859 is a broken access control vulnerability in the Tencent/WeKnora database query tool that affects versions prior to 0.2.12.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the application fails to enforce tenant isolation on certain critical database tables, specifically the 'messages', 'embeddings', and 'models' tables."}, {'type': 'paragraph', 'content': 'While tenant isolation is enforced by appending a tenant ID filter to queries on some tables, these three tables are queryable without such filtering, allowing any authenticated tenant to access data belonging to other tenants.'}, {'type': 'paragraph', 'content': 'This means an attacker with valid tenant credentials can issue SQL queries to retrieve sensitive information such as API keys, model configurations, private messages, and other confidential data from other tenants.'}] [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive data across tenants in the WeKnora framework.
- Exposure of API keys and credentials, including those for third-party LLM providers like OpenAI and Anthropic.
- Leakage of database credentials and connection strings.
- Access to authentication tokens for integrated services.
- Disclosure of private messages and confidential business communications.
- Exposure of user conversations with AI agents and other sensitive shared information.
The attack requires only low privileges (authenticated tenant) and no user interaction, making it easier for attackers within the system to exploit.
Overall, this can compromise confidentiality of critical data, potentially leading to data breaches and loss of trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to query the unprotected tables that lack tenant isolation, such as `models`, `messages`, and `embeddings`, using the database query tool while authenticated as a tenant.
For example, an authenticated tenant can run SQL commands like:
- SELECT * FROM models;
- SELECT * FROM messages;
- SELECT * FROM embeddings;
If these queries return data belonging to other tenants, it indicates the presence of the broken access control vulnerability due to missing tenant isolation.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Tencent/WeKnora framework to version 0.2.12 or later, where this vulnerability has been patched.
This patch enforces tenant isolation on the previously unprotected tables (`models`, `messages`, and `embeddings`) by automatically appending tenant ID filtering to queries, preventing unauthorized cross-tenant data access.
Until the upgrade is applied, restrict access to the database query tool to trusted users only and monitor for suspicious queries targeting these unprotected tables.