CVE-2026-30861
Received Received - Intake
Unauthenticated RCE in WeKnora MCP stdio Configuration

Publication date: 2026-03-07

Last updated on: 2026-03-09

Assigner: GitHub, Inc.

Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-14
NVD
CVE-2026-30861
EUVD
EUVD-2026-10184
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tencent weknora From 0.2.5 (inc) to 0.2.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30861 is a critical unauthenticated remote code execution (RCE) vulnerability in the MCP stdio configuration validation of the WeKnora framework, affecting versions from 0.2.5 up to but not including 0.2.10.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because the application allows unrestricted user registration, enabling any attacker to create an account and exploit a command injection flaw.'}, {'type': 'paragraph', 'content': 'Although the application attempts to whitelist allowed commands (only "npx" and "uvx") and blacklist dangerous arguments and environment variables, the validation can be bypassed using the "-p" flag with "npx node".'}, {'type': 'paragraph', 'content': "This bypass allows attackers to execute arbitrary JavaScript code and commands with the application's privileges, leading to complete system compromise."}, {'type': 'paragraph', 'content': 'The issue was patched in version 0.2.10 by disabling the stdio-based MCP server entirely.'}] [1]

Impact Analysis

This vulnerability allows unauthenticated attackers to execute arbitrary commands on the server with the full privileges of the application.

The impact includes complete server compromise, which can lead to data breaches, installation of malware, creation of backdoors, ransomware attacks, and lateral movement within the network.

Because the application allows unrestricted user registration without verification or rate limiting, any attacker can exploit this flaw remotely without prior access.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by reviewing logs for signs of exploitation since version 0.2.5, monitoring for suspicious MCP configurations, and checking for unauthorized file creation on the system.'}, {'type': 'list_item', 'content': 'Look for creation of unexpected files such as /tmp/pwned.txt or other suspicious files indicating arbitrary command execution.'}, {'type': 'list_item', 'content': "Check MCP service configurations for stdio_config commands using 'npx' with arguments containing the '-p' flag, which bypasses validation."}, {'type': 'list_item', 'content': 'Example command to find suspicious files: `ls -l /tmp/pwned.txt`'}, {'type': 'list_item', 'content': "Example command to search logs for suspicious MCP activity: `grep -i 'npx' /var/log/weknora/*.log` or relevant application logs."}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade WeKnora to version 0.2.10 or later, where the vulnerability has been patched by disabling the stdio-based MCP server.

Additionally, review your system and application logs for any signs of exploitation since version 0.2.5, monitor for suspicious MCP configurations, and check for unauthorized file creation.

If compromise is suspected, assume breach and take appropriate incident response actions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30861. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart