CVE-2026-30860

CRITICAL LAB

WeKnora <0.2.12 - RCE via SQL Injection

Title source: LLM

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-30860. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-30860, demonstrating an RCE in WeKnora via SQL injection bypass using ARRAY/ROW constructs. The PoC includes a full attack chain, Docker lab setup, and payload generation.

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object operations and library loading capabilities, an unauthenticated attacker can achieve arbitrary code execution on the database server with database user privileges. This issue has been patched in version 0.2.12.
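The flaw described above is a validator that checks function calls it sees directly but never descends into the children of ARRAY[...] and ROW(...) expressions. The following is an added, simplified model of that pattern and of its fix; it is not WeKnora's code. The mini-grammar, the allowlist of permitted functions, the placeholder function name `some_unsafe_function` and the sample expressions are all constructed for the example.

```python
"""
Model of the CVE-2026-30860 validation flaw (added example, not WeKnora's code):
an expression checker that recurses into function-call arguments but treats
ARRAY[...] and ROW(...) as opaque leaves, beside a checker that walks every node.
The grammar, allowlist and sample inputs are constructed for illustration.
"""
import re

# Tokens: integer, single-quoted string (with '' escapes), identifier, or one punctuation char.
TOKEN_RE = re.compile(r"(\d+)|('(?:[^']|'')*')|([A-Za-z_]\w*)|(\S)")

# Constructed allowlist: the functions this hypothetical query feature permits.
SAFE_FUNCTIONS = {"lower", "upper", "length", "count", "coalesce"}


def tokenize(sql):
    tokens = []
    for m in TOKEN_RE.finditer(sql):
        num, string, ident, punct = m.groups()
        if num is not None:
            tokens.append(("num", num))
        elif string is not None:
            tokens.append(("str", string))
        elif ident is not None:
            tokens.append(("ident", ident))
        else:
            tokens.append(("punct", punct))
    return tokens


class Node:
    """Tiny AST node: kind is literal/column/call/array/row."""
    def __init__(self, kind, value=None, children=()):
        self.kind, self.value, self.children = kind, value, list(children)


class Parser:
    """Recursive-descent parser for a PostgreSQL-like expression subset."""
    def __init__(self, sql):
        self.toks, self.pos = tokenize(sql), 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else (None, None)

    def take(self, expect=None):
        kind, val = self.peek()
        if expect is not None and val != expect:
            raise SyntaxError(f"expected {expect!r}, got {val!r}")
        self.pos += 1
        return kind, val

    def parse(self):
        node = self.expr()
        if self.peek()[0] is not None:
            raise SyntaxError("trailing input")
        return node

    def expr(self):
        kind, val = self.take()
        if kind in ("num", "str"):
            return Node("literal", val)
        if kind == "ident":
            upper = val.upper()
            if upper == "ARRAY" and self.peek()[1] == "[":
                self.take("[")
                return Node("array", children=self.args("]"))
            if upper == "ROW" and self.peek()[1] == "(":
                self.take("(")
                return Node("row", children=self.args(")"))
            if self.peek()[1] == "(":
                self.take("(")
                return Node("call", val.lower(), self.args(")"))
            return Node("column", val)
        if val == "(":  # (a, b) is an implicit row constructor in PostgreSQL
            items = self.args(")")
            return items[0] if len(items) == 1 else Node("row", children=items)
        raise SyntaxError(f"unexpected token {val!r}")

    def args(self, closer):
        items = []
        if self.peek()[1] == closer:
            self.take(closer)
            return items
        while True:
            items.append(self.expr())
            _, val = self.take()
            if val == closer:
                return items
            if val != ",":
                raise SyntaxError(f"unexpected token {val!r}")


def flawed_validate(node):
    """Models the bug: call arguments are inspected, ARRAY/ROW children are not."""
    if node.kind == "call":
        if node.value not in SAFE_FUNCTIONS:
            return False
        return all(flawed_validate(c) for c in node.children)
    return True  # array, row, literal, column: children never visited


def recursive_validate(node):
    """Fix: every node in the tree is inspected, whatever its parent is."""
    if node.kind == "call" and node.value not in SAFE_FUNCTIONS:
        return False
    return all(recursive_validate(c) for c in node.children)


def check(sql, validator):
    """Parse sql and return True if the validator accepts it."""
    return validator(Parser(sql).parse())


if __name__ == "__main__":
    for sample in ["lower(name)", "lower(some_unsafe_function('x'))",
                   "ARRAY[some_unsafe_function('x')]", "ROW(1, some_unsafe_function('x'))"]:
        print(f"{sample:40} flawed={check(sample, flawed_validate)} "
              f"recursive={check(sample, recursive_validate)}")
```

The flawed checker rejects a disallowed call nested directly in a permitted one, which is why it looks correct in ordinary testing; it only misses the call once an ARRAY or ROW node sits between it and the root. The defensive lesson is the one the description implies: treat every composite node as a container to recurse into, and allowlist function names rather than trying to enumerate dangerous ones.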

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · cpoc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-30860

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: WeKnora <= 0.2.11
Auth required
Prerequisites: authenticated access to WeKnora · LLM backend configured · Docker environment
Analyzed by devstral-2 on Mar 08, 2026

References (1)


Scores

CVSS v3 9.9
EPSS 0.0024
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Lab Environment

Vulnerable image: docker pull ghcr.io/exploitintel/cve-2026-30860-vulnerable:latest

Details

CWE
CWE-89
Status published
Products (2)
tencent/weknora < 0.2.12
Tencent/WeKnora 0 - 0.2.12 (Go)
Published Mar 07, 2026
Tracked Since Mar 08, 2026