Home / Vulnerability Intelligence / CVE-2026-30855

CVE-2026-30855 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 9, 2026

WeKnora - Authorization Bypass

Published: March 7, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

WeKnora < 0.3.2 contains an authorization bypass caused by improper access control in tenant management endpoints, letting unauthenticated attackers register accounts and read, modify, or delete any tenant, exploit requires account registration.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 11.4%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can take over or destroy any tenant account, leading to critical cross-tenant compromise.

Mitigation

Upgrade to version 0.3.2.

References

https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 8, 2026

🟠 CVE-2026-30855 - High (8.8) WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modif... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30855/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-30855
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: confirmed
EPSS: 11.4%
Social Posts: 1

CWE

CWE-284

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.4%Probability of exploitation in the next 30 days