WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora

The SQL Injection vulnerability in WeKnora allows an attacker to inject malicious SQL code into database queries. Successful exploitation could lead to complete compromise of the server hosting WeKnora. An attacker could read, modify, or delete sensitive data stored in the database, including user credentials, configuration files, and application data. Furthermore, the ability to execute arbitrary commands opens the door to further attacks, such as installing malware, creating backdoors, or pivoting to other systems on the network. The impact is particularly severe given WeKnora’s function as an AI database query tool, suggesting it may handle sensitive data and be integrated into critical workflows.

Organizations utilizing WeKnora for AI database querying, particularly those handling sensitive data or integrating WeKnora into critical business processes, are at significant risk. This includes companies leveraging WeKnora for data analysis, machine learning model training, or other data-intensive applications.

• go / server:

ps aux | grep WeKnora

• go / server:

journalctl -u weknora | grep "SQL injection"

• generic web:

curl -I <weknora_endpoint> | grep SQL

1. 2026-03-10Disclosure

   disclosure

1. आरक्षित2026-03-05
2. प्रकाशित2026-03-10
3. संशोधित2026-03-23
4. EPSS अद्यतन2026-03-23

The primary mitigation for CVE-2026-30860 is to immediately upgrade WeKnora to version 0.2.12 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. Input validation and sanitization should be implemented to prevent malicious SQL code from being injected into queries. Web application firewalls (WAFs) configured to detect and block SQL Injection attempts can provide an additional layer of defense. Monitor database logs for suspicious activity, such as unusual query patterns or error messages.