Home / Vulnerability Intelligence / CVE-2026-30858

CVE-2026-30858 - Vulnerability Analysis

MediumCVSS: 6.5

Last Updated: March 9, 2026

WeKnora - DNS Rebinding

Published: March 7, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

WeKnora < 0.3.0 contains a DNS rebinding vulnerability caused by improper URL validation in the web_fetch tool, letting unauthenticated attackers access internal server resources, exploit requires crafted malicious domain resolving to private IP after validation.

Severity & Score

Severity: Medium

CVSS Score: 6.5

Impact

Unauthenticated attackers can access internal server resources and sensitive local services, potentially leading to data exfiltration.

Mitigation

Update to version 0.3.0 or later.

References

https://github.com/Tencent/WeKnora/security/advisories/GHSA-h6gw-8f77-mmmp

Related Resources

Details

CVE ID: CVE-2026-30858
Severity: Medium
CVSS Score: 6.5
Type: dns_rebinding
Status: confirmed

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N