Cyber Resilience

CVE-2026-30855

HighPublic PoC

Published: 07 March 2026

Published
07 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 24.5th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-30855 is a high-severity Improper Access Control (CWE-284) vulnerability in Tencent Weknora. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 24.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-24 (Access Control Decisions) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-30855 is an authorization bypass vulnerability (CWE-284) in the tenant management endpoints of WeKnora, an LLM-powered framework designed for deep document understanding and semantic retrieval. It affects WeKnora versions prior to 0.3.2 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

The vulnerability allows any authenticated user to read, modify, or delete any tenant by ID, bypassing proper authorization checks. Since account registration is open to the public, unauthenticated attackers can register an account and immediately exploit the issue, enabling cross-tenant account takeover and destruction with critical consequences.

The vulnerability has been patched in WeKnora version 0.3.2. Additional details are available in the GitHub security advisory at https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q.

As an LLM-powered framework, CVE-2026-30855 highlights risks in multi-tenant AI/ML systems for semantic retrieval and document understanding.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to read, modify, or delete any tenant by ID.…

more

Since account registration is open to the public, this vulnerability allows any unauthenticated attacker to register an account and subsequently exploit the system. This enables cross-tenant account takeover and destruction, making the impact critical. This issue has been patched in version 0.3.2.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: llm

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authorization bypass in public-facing tenant management endpoints of WeKnora web framework directly enables exploitation of public-facing applications for unauthorized read/modify/delete access to any tenant.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22687Same product: Tencent Weknora
CVE-2026-30860Same product: Tencent Weknora
CVE-2026-30247Same product: Tencent Weknora
CVE-2026-30861Same product: Tencent Weknora
CVE-2026-30858Same product: Tencent Weknora
CVE-2026-22688Same product: Tencent Weknora
CVE-2026-30856Same product: Tencent Weknora
CVE-2026-5585Same vendor: Tencent
CVE-2025-41258Shared CWE-284
CVE-2026-7198Shared CWE-284

Affected Assets

tencent
weknora
≤ 0.3.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

AC-3 enforces approved authorizations for access to system resources, directly preventing the authorization bypass allowing any authenticated user to manage any tenant.

prevent

AC-6 applies least privilege to restrict users to their own tenant resources only, mitigating cross-tenant takeover and destruction.

prevent

AC-24 requires explicit access control decisions for resources by role or personnel, addressing the failure to authorize tenant management operations properly.

References