CVE-2026-22687: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Tencent WeKnora
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
AI Analysis
Technical Summary
Tencent's WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. In versions prior to 0.2.5, when the Agent service is enabled, users can call a database query tool that suffers from insufficient backend validation of input queries. This leads to an SQL Injection vulnerability (CWE-89), where attackers can craft prompt-based inputs to bypass query restrictions and execute arbitrary SQL commands. Such injection can allow unauthorized reading of sensitive information, modification of data, or disruption of database availability. The vulnerability has a CVSS 3.1 score of 5.6, reflecting medium severity, with network attack vector, high attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability rated as low. The flaw was publicly disclosed on January 10, 2026, and has been patched in WeKnora version 0.2.5. No known exploits have been reported in the wild, but the nature of the vulnerability makes it a significant risk for affected deployments, especially where the Agent service is enabled and exposed to untrusted users.
Potential Impact
The SQL Injection vulnerability can lead to unauthorized disclosure of sensitive data stored in the backend database, potentially including confidential documents or user information processed by WeKnora. Attackers might also alter or delete data, impacting data integrity, or cause denial of service by disrupting database operations. Since the vulnerability can be exploited remotely without authentication, any exposed instance of WeKnora with the Agent service enabled is at risk. This can undermine trust in the system, cause regulatory compliance issues, and lead to operational disruptions. Organizations relying on WeKnora for document understanding and semantic retrieval may face data breaches or service interruptions if the vulnerability is exploited.
Mitigation Recommendations
1. Upgrade WeKnora to version 0.2.5 or later, where the vulnerability is patched. 2. Disable the Agent service if it is not required, reducing the attack surface. 3. Implement strict input validation and sanitization on all user-supplied inputs, especially those used in database queries. 4. Employ parameterized queries or prepared statements in the backend to prevent SQL Injection. 5. Restrict database permissions to the minimum necessary for the application to operate, limiting potential damage. 6. Monitor logs for unusual query patterns or repeated failed attempts that may indicate exploitation attempts. 7. Conduct regular security assessments and code reviews focusing on input handling and database interactions. 8. If feasible, deploy Web Application Firewalls (WAFs) with SQL Injection detection rules tailored to WeKnora's query patterns.
Affected Countries
China, United States, India, South Korea, Japan, Germany, United Kingdom, Singapore, Australia
CVE-2026-22687: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Tencent WeKnora
Description
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Tencent's WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. In versions prior to 0.2.5, when the Agent service is enabled, users can call a database query tool that suffers from insufficient backend validation of input queries. This leads to an SQL Injection vulnerability (CWE-89), where attackers can craft prompt-based inputs to bypass query restrictions and execute arbitrary SQL commands. Such injection can allow unauthorized reading of sensitive information, modification of data, or disruption of database availability. The vulnerability has a CVSS 3.1 score of 5.6, reflecting medium severity, with network attack vector, high attack complexity, no privileges or user interaction required, and impacts on confidentiality, integrity, and availability rated as low. The flaw was publicly disclosed on January 10, 2026, and has been patched in WeKnora version 0.2.5. No known exploits have been reported in the wild, but the nature of the vulnerability makes it a significant risk for affected deployments, especially where the Agent service is enabled and exposed to untrusted users.
Potential Impact
The SQL Injection vulnerability can lead to unauthorized disclosure of sensitive data stored in the backend database, potentially including confidential documents or user information processed by WeKnora. Attackers might also alter or delete data, impacting data integrity, or cause denial of service by disrupting database operations. Since the vulnerability can be exploited remotely without authentication, any exposed instance of WeKnora with the Agent service enabled is at risk. This can undermine trust in the system, cause regulatory compliance issues, and lead to operational disruptions. Organizations relying on WeKnora for document understanding and semantic retrieval may face data breaches or service interruptions if the vulnerability is exploited.
Mitigation Recommendations
1. Upgrade WeKnora to version 0.2.5 or later, where the vulnerability is patched. 2. Disable the Agent service if it is not required, reducing the attack surface. 3. Implement strict input validation and sanitization on all user-supplied inputs, especially those used in database queries. 4. Employ parameterized queries or prepared statements in the backend to prevent SQL Injection. 5. Restrict database permissions to the minimum necessary for the application to operate, limiting potential damage. 6. Monitor logs for unusual query patterns or repeated failed attempts that may indicate exploitation attempts. 7. Conduct regular security assessments and code reviews focusing on input handling and database interactions. 8. If feasible, deploy Web Application Firewalls (WAFs) with SQL Injection detection rules tailored to WeKnora's query patterns.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-01-08T19:23:09.854Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6961d21f19784dcf52da7b8f
Added to database: 1/10/2026, 4:14:23 AM
Last enriched: 3/14/2026, 7:32:46 PM
Last updated: 3/26/2026, 3:58:42 AM
Views: 162
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.