CVE-2026-22687
Published: 10 January 2026
Summary
CVE-2026-22687 is a medium-severity SQL Injection (CWE-89) vulnerability in Tencent Weknora. Its CVSS base score is 5.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 9.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related, categorised as Other AI Platforms.
Threat & Defense Details
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
A vulnerability in a public-facing LLM agent service enables remote, unauthenticated bypass of database query restrictions (CWE-89, SQLi-like), directly facilitating initial access and data retrieval via T1190.
NVD Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
Deeper analysis (AI-generated)
CVE-2026-22687 is a vulnerability in WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval. In versions prior to 0.2.5, enabling the Agent service allows users to invoke the database query tool. Insufficient backend validation enables attackers to use prompt-based bypass techniques to circumvent query restrictions.
Unauthenticated remote attackers can exploit this vulnerability over the network (AV:N) with high attack complexity (AC:H), requiring no privileges (PR:N) and no user interaction (UI:N). Successful exploitation evades the query restrictions to obtain sensitive information from the target server and database, with low impact on each of confidentiality, integrity, and availability (C:L/I:L/A:L) and unchanged scope (S:U), which is reflected in the CVSS v3.1 base score of 5.6. The issue maps to CWE-89.
The vulnerability has been patched in WeKnora version 0.2.5. Mitigation involves upgrading to this version or later. Details are provided in the GitHub security advisory at GHSA-pcwc-3fw3-8cqv and the patching commit da55707022c252dd2c20f8e18145b2d899ee06a1.
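The root cause described above is a database query tool whose restrictions were enforced too loosely on the backend, so a differently phrased prompt could get the agent to issue a query the tool should never have run. The example below is added here to illustrate the defensive pattern; it is not WeKnora's code, and the schema, the table allowlist and the sample rows are constructed for the demonstration. It enforces a read-only, table-scoped policy inside the database engine itself using SQLite's authorizer hook, which SQLite consults for every operation in a statement (including subqueries) at compile time, so the restriction holds no matter how the query was phrased or generated.

```python
import sqlite3

# Constructed demo policy (not WeKnora's): the agent's DB tool may read only these tables.
AGENT_READABLE_TABLES = {"documents"}


def agent_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """SQLite authorizer enforcing the tool's read-only policy at prepare time.

    SQLite calls this for every operation inside a statement, including subqueries,
    so "SELECT ... WHERE x = (SELECT secret FROM users)" is rejected even though it
    starts with SELECT. Returning SQLITE_DENY makes the whole statement fail to
    compile, which is the right behaviour for untrusted tool input.
    """
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK                # a SELECT statement is being compiled
    if action == sqlite3.SQLITE_READ:
        # arg1 is the table name, arg2 the column; deny anything off the allowlist.
        # This also covers sqlite_master, so schema enumeration is blocked.
        return sqlite3.SQLITE_OK if arg1 in AGENT_READABLE_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:
        return sqlite3.SQLITE_OK                # built-in scalar/aggregate functions in SELECTs
    # INSERT/UPDATE/DELETE/DROP/ATTACH/PRAGMA and everything else are denied by default.
    return sqlite3.SQLITE_DENY


def build_demo_db():
    """Create an in-memory DB with constructed sample data, then lock it down for the agent."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE documents(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, api_key TEXT);
        INSERT INTO documents VALUES (1, 'Onboarding', 'Welcome to the team');
        INSERT INTO users VALUES (1, 'admin@example.test', 'constructed-demo-key');
    """)
    # From here on, every statement prepared on this connection goes through the policy.
    conn.set_authorizer(agent_authorizer)
    return conn


def run_agent_query(conn, sql):
    """Run one query submitted by the LLM tool. Returns ("ok", rows) or ("denied", reason).

    conn.execute() compiles exactly one statement, so stacked statements such as
    "SELECT 1; DELETE FROM documents" are refused before anything runs. Never route
    tool input through executescript(), which would bypass that check.
    """
    try:
        rows = conn.execute(sql).fetchall()
        return ("ok", rows)
    except (sqlite3.Error, sqlite3.Warning) as exc:   # "not authorized", stacked statements, syntax
        return ("denied", str(exc))


if __name__ == "__main__":
    db = build_demo_db()
    # Policy test cases: one legitimate query and several that the policy must refuse.
    for q in [
        "SELECT title FROM documents",                                    # allowed
        "SELECT api_key FROM users",                                      # off-allowlist table
        "SELECT title FROM documents WHERE id = (SELECT id FROM users)",  # subquery reading users
        "SELECT 1; DELETE FROM documents",                                # stacked statements
        "SELECT sql FROM sqlite_master",                                  # schema enumeration
        "PRAGMA table_info(users)",                                       # non-SELECT action
    ]:
        print(q, "->", run_agent_query(db, q))
```

The point of the design is where the check lives: the policy is evaluated by the database engine on the parsed statement, not by a prompt instruction or a regex over the generated SQL, so prompt phrasing cannot route around it. The agent also gets its own connection that is restricted for its whole lifetime rather than sharing the application's privileged connection. On PostgreSQL or MySQL the equivalent is a dedicated role with SELECT granted only on the allowlisted tables, combined with single-statement execution and a statement timeout on the tool's connection.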
Details
- CWE(s): CWE-89 (SQL Injection)
Affected Products
AI Security Analysis (AI-generated)
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: llm