Platform
go
Component
github.com/tencent/weknora
Fixed in
0.3.1
0.3.0
CVE-2026-30858 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in WeKnora, a Go-based project. This flaw resides within the web_fetch tool, enabling attackers to potentially access internal resources through DNS rebinding techniques. Versions prior to 0.3.0 are affected, and a patch has been released to address the issue.
The SSRF vulnerability in WeKnora allows an attacker to craft malicious requests that appear to originate from the WeKnora server itself. By exploiting DNS rebinding, an attacker can manipulate the domain name resolution to point to internal resources that are otherwise inaccessible from the outside. This could lead to unauthorized access to sensitive data, internal APIs, or even the ability to interact with internal services. The impact is amplified if WeKnora is deployed in an environment with sensitive internal resources, such as databases or configuration management systems. Successful exploitation could result in data breaches, privilege escalation, and disruption of internal services.
CVE-2026-30858 was publicly disclosed on 2026-03-10. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the potential for SSRF exploitation, which can lead to significant internal network compromise.
Organizations deploying WeKnora in environments with internal resources accessible via HTTP or HTTPS are at risk. This includes deployments behind firewalls or in segmented networks where internal services are exposed. Shared hosting environments utilizing WeKnora are also particularly vulnerable due to the potential for cross-tenant exploitation.
• go / server:
  ps aux | grep WeKnora
• go / server:
  journalctl -u weknora | grep -i 'web_fetch'
• generic web:
  curl -I <weknora_server_ip>/web_fetch?url=http://evil.com # Check for internal resource exposure in response headers
Disclosure
Exploit Status
EPSS
0.09% (26th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-30858 is to upgrade WeKnora to version 0.3.0 or later, which includes the fix for the SSRF vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting outbound network access from the WeKnora server to only necessary domains. Implement strict input validation on the web_fetch tool to prevent malicious URL manipulation. Consider deploying a Web Application Firewall (WAF) with rules to detect and block SSRF attempts based on suspicious URL patterns and DNS resolution anomalies. Monitor network traffic for unusual outbound requests originating from the WeKnora server.
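The impact paragraph above describes the DNS rebinding mechanism (a hostname that passes an allow-list check, then resolves to an internal address when the request is actually made), and the mitigation paragraph recommends restricting outbound access and validating URLs in web_fetch. The following Go program is an added example written for this page; it is not WeKnora's code and does not show the project's actual fix. It demonstrates the defensive pattern that closes the rebinding window: resolve the hostname once, reject the request if any resolved address is internal, and then dial the validated IP directly instead of letting the HTTP client resolve the name a second time. Function names (`isPublicAddr`, `resolvePublic`, `checkTarget`, `safeDialContext`, `newSafeClient`) and the sample addresses in `main` are constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"time"
)

// isPublicAddr reports whether ip is a globally routable unicast address.
// Loopback, RFC 1918 / ULA private ranges, link-local (which includes the
// 169.254.169.254 cloud metadata endpoint), CGNAT, multicast and the
// unspecified address are all treated as internal and rejected.
func isPublicAddr(ip netip.Addr) bool {
	ip = ip.Unmap() // ::ffff:10.0.0.1 must be judged as 10.0.0.1
	if !ip.IsValid() || ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsInterfaceLocalMulticast() || ip.IsMulticast() {
		return false
	}
	if netip.MustParsePrefix("100.64.0.0/10").Contains(ip) {
		return false // carrier-grade NAT space, not covered by IsPrivate
	}
	return true
}

// resolvePublic resolves host exactly once and returns the addresses it
// resolved to, failing if ANY of them is non-public. The caller must connect
// to one of the returned addresses rather than to the hostname: re-resolving
// at dial time is the window a DNS rebinding attack relies on.
func resolvePublic(ctx context.Context, host string) ([]netip.Addr, error) {
	if ip, err := netip.ParseAddr(host); err == nil { // IP literal, no DNS involved
		if !isPublicAddr(ip) {
			return nil, fmt.Errorf("ssrf guard: %s is not a public address", host)
		}
		return []netip.Addr{ip}, nil
	}
	addrs, err := net.DefaultResolver.LookupNetIP(ctx, "ip", host)
	if err != nil {
		return nil, err
	}
	if len(addrs) == 0 {
		return nil, fmt.Errorf("ssrf guard: %s resolved to no addresses", host)
	}
	for _, ip := range addrs {
		if !isPublicAddr(ip) {
			return nil, fmt.Errorf("ssrf guard: %s resolves to internal address %s", host, ip)
		}
	}
	return addrs, nil
}

// checkTarget is the entry point a fetch tool would call before issuing a
// request; it applies a 5 s resolution budget (hypothetical helper).
func checkTarget(host string) ([]netip.Addr, error) {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	return resolvePublic(ctx, host)
}

// safeDialContext replaces the transport's dialer: it validates the resolved
// addresses and dials the validated IP directly, so the TCP connection can
// only ever go where the check looked. TLS SNI still uses the request's
// hostname, because http.Transport derives ServerName from the URL.
func safeDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	addrs, err := resolvePublic(ctx, host)
	if err != nil {
		return nil, err
	}
	d := &net.Dialer{Timeout: 5 * time.Second}
	var lastErr error
	for _, ip := range addrs {
		conn, err := d.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
		if err == nil {
			return conn, nil
		}
		lastErr = err
	}
	return nil, lastErr
}

// newSafeClient builds an http.Client whose every connection, including the
// ones made while following redirects, goes through safeDialContext.
func newSafeClient() *http.Client {
	return &http.Client{
		Timeout:   15 * time.Second,
		Transport: &http.Transport{DialContext: safeDialContext, Proxy: nil},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= 3 {
				return errors.New("ssrf guard: too many redirects")
			}
			return nil // each redirect hop is re-validated by safeDialContext
		},
	}
}

func main() {
	// Constructed sample targets; IP literals generate no network traffic.
	for _, h := range []string{"127.0.0.1", "169.254.169.254", "::ffff:10.0.0.1", "93.184.216.34"} {
		_, err := checkTarget(h)
		fmt.Printf("%-18s allowed=%v err=%v\n", h, err == nil, err)
	}
	_ = newSafeClient() // would be used as client.Get(userSuppliedURL)
}
```

The important design point is that the allow/deny decision and the connection use the same resolution result. A check that only validates the URL string, or that resolves the name, approves it, and then hands the hostname to a stock `http.Client`, still lets a low-TTL record flip to an internal address between the two lookups. Restricting egress at the network layer, as the mitigation paragraph suggests, is a complementary control that holds even if the application-level check is bypassed.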
Update WeKnora to version 0.3.0 or later. This version contains a fix for the DNS rebinding vulnerability that allows unauthorized access to internal resources.
CVE-2026-30858 is a Server-Side Request Forgery vulnerability in WeKnora versions prior to 0.3.0, allowing attackers to access internal resources via DNS rebinding.
You are affected if you are using WeKnora versions 0.2.0 or earlier. Upgrade to 0.3.0 to mitigate the risk.
Upgrade WeKnora to version 0.3.0 or later. As a temporary workaround, restrict outbound network access and implement input validation.
Currently, there are no known public exploits or active campaigns targeting CVE-2026-30858, but proactive patching is recommended.
Refer to the WeKnora project's official repository and release notes for the latest security advisories and updates.