top of page
perceptive_background_267k.jpg

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent ser…

Published:

9 January 2026 at 23:00:00

Alert date:

10 January 2026 at 13:10:58

Source:

nvd.nist.gov

Click to open the original link from this advisory

CVE-2026-22687 affects WeKnora, an LLM-powered framework for document understanding and semantic retrieval. Prior to version 0.2.5, the Agent service allows attackers to use prompt-based bypass techniques to evade database query restrictions. This vulnerability enables unauthorized access to sensitive information from target servers and databases due to insufficient backend validation. The issue has been patched in version 0.2.5.

Technical details

Mitigation steps:

Affected products:

WeKnora

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-22687
https://github.com/Tencent/WeKnora/commit/da55707022c252dd2c20f8e18145b2d899ee06a1
https://github.com/Tencent/WeKnora/security/advisories/GHSA-pcwc-3fw3-8cqv

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page