Количество 2
Количество 2
CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.
GHSA-78h3-63c4-5fqc
WeKnora has Command Injection in MCP stdio test
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-22688 WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5. | CVSS3: 9.9 | 0% Низкий | 10 дней назад |
| GHSA-78h3-63c4-5fqc WeKnora has Command Injection in MCP stdio test | CVSS3: 9.9 | 0% Низкий | 11 дней назад |
Уязвимостей на страницу