CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-07 04:15

Updated : 2026-03-11 19:22

NVD link : CVE-2026-30247

Mitre link : CVE-2026-30247

CVE.ORG link : CVE-2026-30247

JSON object : View

Products Affected

tencent

weknora

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2026-30247", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-07T04:15:54.560", "references": [{"url": "https://github.com/Tencent/WeKnora/security/advisories/GHSA-595m-wc8g-6qgc", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's \"Import document via URL\" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12."}, {"lang": "es", "value": "WeKnora es un framework impulsado por LLM dise\u00f1ado para la comprensi\u00f3n profunda de documentos y la recuperaci\u00f3n sem\u00e1ntica. Antes de la versi\u00f3n 0.2.12, la caracter\u00edstica 'Importar documento v\u00eda URL' de la aplicaci\u00f3n es vulnerable a la falsificaci\u00f3n de petici\u00f3n del lado del servidor (SSRF) a trav\u00e9s de redirecciones HTTP. Aunque el backend implementa una validaci\u00f3n exhaustiva de URL (bloqueando IPs privadas, direcciones de bucle invertido, nombres de host reservados y puntos finales de metadatos en la nube), no logra validar los objetivos de redirecci\u00f3n. Un atacante puede eludir todas las protecciones mediante el uso de una cadena de redirecci\u00f3n, forzando al servidor a acceder a servicios internos. Adem\u00e1s, las direcciones internas espec\u00edficas de Docker como host.docker.internal no est\u00e1n bloqueadas. Este problema ha sido parcheado en la versi\u00f3n 0.2.12."}], "lastModified": "2026-03-11T19:22:24.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B86D061-D1A8-438E-802E-D5408C339349", "versionEndExcluding": "0.2.12"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}