Cyber Posture

CVE-2026-30860

Critical · Public PoC

Published: 07 March 2026
Modified: 09 March 2026
KEV Added:
Patch:
CVSS Score: 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0024 (47.3rd percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-30860 is a critical-severity SQL Injection (CWE-89) vulnerability in Tencent Weknora. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 47.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

[prevent] SI-10 directly addresses the core issue by requiring validation of database query inputs, including recursive inspection of PostgreSQL array and row expressions to block SQL injection bypasses.

[prevent] SI-2 mandates timely flaw remediation, such as upgrading WeKnora to version 0.2.12, which patches the validation failure enabling RCE.

[prevent] AC-6 limits the impact of RCE by enforcing least privilege on the database user, restricting abilities like library loading and large object operations required for full exploitation.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability is a remote SQL injection leading to arbitrary code execution in a network-accessible application (WeKnora with PostgreSQL backend), directly enabling exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By smuggling dangerous PostgreSQL functions inside these expressions and chaining them with large object operations and library loading capabilities, an unauthenticated attacker can achieve arbitrary code execution on the database server with database user privileges. This issue has been patched in version 0.2.12.

Deeper analysis [AI]

CVE-2026-30860 is a remote code execution (RCE) vulnerability in WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval. The issue affects versions prior to 0.2.12 and resides in the application's database query functionality, which relies on PostgreSQL. The validation system does not recursively inspect child nodes within PostgreSQL array expressions and row expressions, enabling attackers to bypass SQL injection protections (CWE-89). This allows smuggling of dangerous PostgreSQL functions, chained with large object operations and library loading capabilities, resulting in arbitrary code execution on the database server under database user privileges. The vulnerability carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
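The validation gap described in the NVD description and the analysis above, as an added example that is not WeKnora's code: a validator that inspects only top-level parse nodes accepts a disallowed function call nested inside an array or row expression, while a validator that recurses into every child node rejects it. The dict-based nodes, the allowlist and the placeholder function name are all constructed for the illustration; the project's real parser and node layout are not assumed.

```python
"""Illustrative model of the CWE-89 validation gap behind CVE-2026-30860.

Added example, not WeKnora's code. The dict-based nodes are a constructed,
simplified stand-in for a PostgreSQL parse tree; the node names FuncCall,
A_ArrayExpr and RowExpr mirror PostgreSQL's own parse-node names, but the
project's real parser, node layout and allowlist are not assumed.
"""

# Constructed allowlist of functions the query endpoint may call.
ALLOWED_FUNCS = {"lower", "upper", "length", "coalesce"}


def shallow_validate(nodes: list[dict]) -> bool:
    """Vulnerable pattern: inspects only top-level nodes, so a disallowed
    FuncCall nested inside ARRAY[...] or ROW(...) is never seen."""
    for node in nodes:
        if node["type"] == "FuncCall" and node["name"] not in ALLOWED_FUNCS:
            return False
    return True


def recursive_validate(node) -> bool:
    """Fixed pattern: rejects a disallowed FuncCall at any nesting depth by
    descending into every child of every node (arrays, rows, call args)."""
    if isinstance(node, list):
        return all(recursive_validate(child) for child in node)
    if node["type"] == "FuncCall" and node["name"] not in ALLOWED_FUNCS:
        return False
    return all(recursive_validate(child) for child in node.get("children", []))


# Constructed sample: a benign call on a column, which both validators accept.
BENIGN = [{"type": "FuncCall", "name": "lower",
           "children": [{"type": "ColumnRef", "name": "title"}]}]

# Constructed sample: a disallowed call ("untrusted_func" is a placeholder)
# hidden two levels down, inside ARRAY[...] inside ROW(...).
SMUGGLED = [{"type": "RowExpr", "children": [
    {"type": "A_ArrayExpr", "children": [
        {"type": "FuncCall", "name": "untrusted_func", "children": []}]}]}]


def compare() -> dict:
    """Runs both validators over the samples; shallow_smuggled is the bypass."""
    return {
        "shallow_benign": shallow_validate(BENIGN),
        "shallow_smuggled": shallow_validate(SMUGGLED),
        "recursive_benign": recursive_validate(BENIGN),
        "recursive_smuggled": recursive_validate(SMUGGLED),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name}: {'accepted' if verdict else 'rejected'}")
```

The same recursion also catches a disallowed call passed as an argument to an allowed function, which is why the walk descends into FuncCall children rather than stopping at the first allowed name.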

An attacker with low privileges required (per CVSS) can exploit this vulnerability remotely over the network with low complexity and no user interaction. Although described as exploitable by unauthenticated attackers, the scenario involves crafting malicious inputs to the database query endpoint that evade validation, smuggling payloads within array or row expressions. Successful exploitation grants RCE on the PostgreSQL database server, executing arbitrary code with the privileges of the database user running the WeKnora application.

The GitHub Security Advisory (GHSA-8w32-6mrw-q5wv) at https://github.com/Tencent/WeKnora/security/advisories/GHSA-8w32-6mrw-q5wv confirms the issue and states it has been patched in WeKnora version 0.2.12. Security practitioners should upgrade to version 0.2.12 or later to mitigate the vulnerability.

WeKnora's use of large language models for semantic retrieval highlights its relevance to AI/ML deployments, where document processing pipelines may inadvertently expose high-severity database flaws. No real-world exploitation has been reported in available data.

Details

CWE(s): CWE-89 (SQL Injection)

Affected Products

Vendor: tencent
Product: weknora
Version: ≤ 0.2.12

AI Security Analysis [AI]

AI Category: Other AI Platforms
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: llm

CVEs Like This One

CVE-2026-22687 (same product: Tencent Weknora)
CVE-2026-30855 (same product: Tencent Weknora)
CVE-2026-30858 (same product: Tencent Weknora)
CVE-2026-30247 (same product: Tencent Weknora)
CVE-2026-30861 (same product: Tencent Weknora)
CVE-2026-22688 (same product: Tencent Weknora)
CVE-2026-30856 (same product: Tencent Weknora)
CVE-2026-5585 (same vendor: Tencent)
CVE-2026-22850 (shared CWE-89)
CVE-2026-32628 (shared CWE-89)

References