प्लेटफ़ॉर्म
go
घटक
github.com/tencent/weknora
में ठीक किया गया
0.2.13
0.2.12
CVE-2026-30860 describes a critical SQL Injection vulnerability discovered in WeKnora, a Go-based AI database query tool developed by Tencent. This flaw allows attackers to bypass security controls and potentially execute arbitrary code on the server. The vulnerability impacts versions of WeKnora prior to 0.2.12, and a patch has been released to address the issue.
The SQL Injection vulnerability in WeKnora allows an attacker to inject malicious SQL code into database queries. Successful exploitation could lead to complete compromise of the server hosting WeKnora. An attacker could read, modify, or delete sensitive data stored in the database, including user credentials, configuration files, and application data. Furthermore, the ability to execute arbitrary commands opens the door to further attacks, such as installing malware, creating backdoors, or pivoting to other systems on the network. The impact is particularly severe given WeKnora’s function as an AI database query tool, suggesting it may handle sensitive data and be integrated into critical workflows.
CVE-2026-30860 was publicly disclosed on 2026-03-10. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability is listed on the NVD with a CRITICAL severity score of 10.0. Given the ease of exploiting SQL Injection vulnerabilities and the potential for significant impact, it is likely that this vulnerability will be actively targeted by attackers.
Organizations utilizing WeKnora for AI database querying, particularly those handling sensitive data or integrating WeKnora into critical business processes, are at significant risk. This includes companies leveraging WeKnora for data analysis, machine learning model training, or other data-intensive applications.
• go / server:
ps aux | grep WeKnora• go / server:
journalctl -u weknora | grep "SQL injection"• generic web:
curl -I <weknora_endpoint> | grep SQLdisclosure
एक्सप्लॉइट स्थिति
EPSS
0.18% (39% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2026-30860 is to immediately upgrade WeKnora to version 0.2.12 or later. If upgrading is not immediately feasible due to compatibility issues or downtime concerns, consider implementing temporary workarounds. Input validation and sanitization should be implemented to prevent malicious SQL code from being injected into queries. Web application firewalls (WAFs) configured to detect and block SQL Injection attempts can provide an additional layer of defense. Monitor database logs for suspicious activity, such as unusual query patterns or error messages.
Actualice WeKnora a la versión 0.2.12 o superior. Esta versión corrige la vulnerabilidad de ejecución remota de código mediante la validación adecuada de las consultas a la base de datos.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2026-30860 is a critical SQL Injection vulnerability in WeKnora, an AI database query tool, allowing attackers to potentially execute arbitrary code.
You are affected if you are using WeKnora versions prior to 0.2.12. Upgrade immediately to mitigate the risk.
Upgrade WeKnora to version 0.2.12 or later. Implement input validation and consider WAF rules as temporary mitigations.
While no public exploits are currently available, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted.
Refer to the official Tencent WeKnora repository and related security advisories for the most up-to-date information.
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।
अपनी go.mod फ़ाइल अपलोड करें और तुरंत जानें कि आप प्रभावित हैं या नहीं।