CVE-2026-30861

CRITICAL LAB

WeKnora 0.2.5-0.2.9 - Unauthenticated Remote Code Execution via MCP stdio Configuration Validation Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-30861. PoCs published by exploitintel.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2026-30861, demonstrating an OS command injection vulnerability in WeKnora via MCP stdio transport. The PoC bypasses an incomplete blocklist to execute arbitrary commands using Node.js flags.

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user registration, meaning any attacker can create an account and exploit the command injection flaw. Despite implementing a whitelist for allowed commands (npx, uvx) and blacklists for dangerous arguments and environment variables, the validation can be bypassed using the -p flag with npx node. This allows any attacker to execute arbitrary commands with the application's privileges, leading to complete system compromise. This issue has been patched in version 0.2.10.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · cpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2026-30861

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2026-30861, demonstrating an OS command injection vulnerability in WeKnora via MCP stdio transport. The PoC bypasses an incomplete blocklist to execute arbitrary commands using Node.js flags.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WeKnora v0.2.5 to v0.2.9

Auth required

Prerequisites: Docker environment · Network access to target · Open registration or valid credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Mar 08, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://github.com/Tencent/WeKnora/security/advisories/GHSA-r55h-3rwj-hcmg

Scores

CVSS v3 9.9

EPSS 0.0008

EPSS Percentile 24.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Lab Environment

EIP LAB

vulnerable docker pull ghcr.io/exploitintel/cve-2026-30861-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-78

Status published

Products (2)

Tencent/WeKnora 0.2.5 - 0.2.10Go

tencent/weknora 0.2.5 - 0.2.10

Published Mar 07, 2026

Tracked Since Mar 08, 2026