Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30859 is a broken access control vulnerability in the Tencent/WeKnora database query tool that affects versions prior to 0.2.12.'}, {'type': 'paragraph', 'content': "The vulnerability occurs because the application fails to enforce tenant isolation on certain critical database tables, specifically the 'messages', 'embeddings', and 'models' tables."}, {'type': 'paragraph', 'content': 'While tenant isolation is enforced by appending a tenant ID filter to queries on some tables, these three tables are queryable without such filtering, allowing any authenticated tenant to access data belonging to other tenants.'}, {'type': 'paragraph', 'content': 'This means an attacker with valid tenant credentials can issue SQL queries to retrieve sensitive information such as API keys, model configurations, private messages, and other confidential data from other tenants.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive data across tenants in the WeKnora framework.

• Exposure of API keys and credentials, including those for third-party LLM providers like OpenAI and Anthropic.
• Leakage of database credentials and connection strings.
• Access to authentication tokens for integrated services.
• Disclosure of private messages and confidential business communications.
• Exposure of user conversations with AI agents and other sensitive shared information.

The attack requires only low privileges (authenticated tenant) and no user interaction, making it easier for attackers within the system to exploit.

Overall, this can compromise confidentiality of critical data, potentially leading to data breaches and loss of trust.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to query the unprotected tables that lack tenant isolation, such as `models`, `messages`, and `embeddings`, using the database query tool while authenticated as a tenant.

For example, an authenticated tenant can run SQL commands like:

• SELECT * FROM models;
• SELECT * FROM messages;
• SELECT * FROM embeddings;

If these queries return data belonging to other tenants, it indicates the presence of the broken access control vulnerability due to missing tenant isolation.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the Tencent/WeKnora framework to version 0.2.12 or later, where this vulnerability has been patched.

This patch enforces tenant isolation on the previously unprotected tables (`models`, `messages`, and `embeddings`) by automatically appending tenant ID filtering to queries, preventing unauthorized cross-tenant data access.

Until the upgrade is applied, restrict access to the database query tool to trusted users only and monitor for suspicious queries targeting these unprotected tables.

Useful 0 Not Useful 0