
CVE-2026-30247: CWE-918: Server-Side Request Forgery (SSRF) in Tencent WeKnora

Severity: Medium
Published: Sat Mar 07 2026 (03/07/2026, 03:33:27 UTC)
Source: CVE Database V5
Vendor/Project: Tencent
Product: WeKnora

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive URL validation (blocking private IPs, loopback addresses, reserved hostnames, and cloud metadata endpoints), it fails to validate redirect targets. An attacker can bypass all protections by using a redirect chain, forcing the server to access internal services. Additionally, Docker-specific internal addresses like host.docker.internal are not blocked. This issue has been patched in version 0.2.12.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/14/2026, 19:44:30 UTC

Technical Analysis

Tencent WeKnora is an LLM-powered framework for deep document understanding and semantic retrieval. Versions prior to 0.2.12 contain a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-30247) in the "Import document via URL" feature. Although the backend implements comprehensive URL validation to block private IP ranges, loopback addresses, reserved hostnames, and cloud metadata endpoints, it does not validate the final targets of HTTP redirects. Attackers can exploit this by crafting URLs that redirect through allowed external addresses to internal or sensitive endpoints, effectively bypassing all URL validation. Additionally, Docker-specific internal addresses such as host.docker.internal are not blocked, increasing the attack surface in containerized environments. This vulnerability allows attackers to coerce the server into making unauthorized requests to internal services, potentially exposing sensitive information or enabling further attacks. The vulnerability has a CVSS 3.1 base score of 5.9, reflecting medium severity with a high confidentiality impact but no integrity or availability impact. Exploitation requires no authentication or user interaction, but the attack complexity is high due to the need to craft redirect chains. The issue was publicly disclosed and patched in version 0.2.12, with no known exploits in the wild at the time of publication.

Potential Impact

The primary impact of this SSRF vulnerability is unauthorized access to internal network resources from the vulnerable WeKnora server. Attackers can leverage redirect chains to bypass URL validation and access sensitive internal services, including cloud metadata endpoints and Docker internal addresses, which may contain credentials, configuration data, or other sensitive information. This can lead to confidentiality breaches, such as leaking secrets or internal API data. While the vulnerability does not directly affect data integrity or availability, the information gained could facilitate further attacks, including privilege escalation or lateral movement within the network. Organizations deploying WeKnora in containerized or cloud environments are at increased risk due to the exposure of Docker-specific internal addresses. The medium CVSS score reflects moderate risk, but the potential for sensitive data exposure makes this a significant concern for organizations handling confidential or regulated data.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately upgrade Tencent WeKnora to version 0.2.12 or later, where the SSRF issue is patched. Beyond upgrading, it is critical to implement strict outbound network egress filtering on servers running WeKnora to restrict access to internal IP ranges and sensitive endpoints, including Docker internal addresses. Network segmentation should be enforced to isolate application servers from critical internal services. Additionally, enhance URL validation logic to verify redirect targets and disallow redirects to private or reserved IP ranges and hostnames. Employ runtime monitoring and logging to detect unusual outbound requests from the application server that may indicate SSRF exploitation attempts. Containerized deployments should ensure that internal Docker hostnames are not accessible or are properly firewalled. Finally, conduct regular security assessments and penetration testing focused on SSRF vectors to identify and remediate similar weaknesses proactively.
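The mitigation above calls for validating redirect targets as strictly as the initial URL. The following Go example is added here and is not WeKnora's own code: it shows one way to build that into an HTTP client, running the same hostname and address checks on the initial URL and, through `CheckRedirect`, on every hop, with a dial-time check as a second enforcement layer. Apart from `host.docker.internal`, which the advisory names, the blocked-hostname list, `lookupFunc`, `validateURL` and `newSafeClient` are this example's own assumptions, not WeKnora identifiers.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
	"syscall"
)

// Hostnames that never point at a legitimate external document source.
// host.docker.internal is named in the advisory; the others are illustrative.
var blockedHostnames = map[string]bool{
	"localhost": true, "host.docker.internal": true, "metadata.google.internal": true,
}

const maxRedirects = 5

// isForbiddenIP rejects loopback, private (RFC 1918/4193), link-local (which
// includes the 169.254.169.254 metadata address), unspecified and multicast.
func isForbiddenIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified() || ip.IsMulticast()
}

// lookupFunc abstracts DNS so the checks run offline in tests;
// net.DefaultResolver.LookupIPAddr satisfies it in production.
type lookupFunc func(ctx context.Context, host string) ([]net.IPAddr, error)

// validateURL checks the scheme, the hostname and every address the hostname
// resolves to. The same function runs on the initial URL and on each hop.
func validateURL(ctx context.Context, rawURL string, lookup lookupFunc) error {
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	if blockedHostnames[host] || strings.HasSuffix(host, ".internal") || strings.HasSuffix(host, ".localhost") {
		return fmt.Errorf("hostname %q is blocked", host)
	}
	if ip := net.ParseIP(host); ip != nil {
		if isForbiddenIP(ip) {
			return fmt.Errorf("address %s is not a public source", ip)
		}
		return nil
	}
	addrs, err := lookup(ctx, host)
	if err != nil || len(addrs) == 0 {
		return fmt.Errorf("cannot resolve %q: %v", host, err)
	}
	for _, a := range addrs { // every record must be public, not just the first
		if isForbiddenIP(a.IP) {
			return fmt.Errorf("%s resolves to forbidden address %s", host, a.IP)
		}
	}
	return nil
}

// newSafeClient re-validates every redirect hop (the check the advisory says
// was missing) and, as a second layer, refuses at dial time to connect to a
// forbidden IP. The dial-time check also closes the DNS rebinding window
// between resolving for validation and resolving again to connect.
func newSafeClient(lookup lookupFunc) *http.Client {
	dialer := &net.Dialer{
		Control: func(_, address string, _ syscall.RawConn) error {
			host, _, err := net.SplitHostPort(address)
			if err != nil {
				return err
			}
			if ip := net.ParseIP(host); ip == nil || isForbiddenIP(ip) {
				return fmt.Errorf("dial to %s refused", address)
			}
			return nil
		},
	}
	return &http.Client{
		Transport: &http.Transport{DialContext: dialer.DialContext}, // no env proxy
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			if len(via) >= maxRedirects {
				return fmt.Errorf("stopped after %d redirects", maxRedirects)
			}
			return validateURL(req.Context(), req.URL.String(), lookup)
		},
	}
}

func main() {
	for _, u := range []string{"http://127.0.0.1:8080/", "http://host.docker.internal/",
		"http://169.254.169.254/latest/meta-data/", "http://[::1]/", "http://0.0.0.0/"} {
		fmt.Printf("%-42s -> %v\n", u, validateURL(context.Background(), u, net.DefaultResolver.LookupIPAddr))
	}
}
```

An import handler would call `validateURL` on the submitted URL and then issue the request with `newSafeClient(lookup).Do(req)`, so a 3xx from an allowed external host cannot land on a loopback, private, link-local or Docker-internal address. `net.IP.IsPrivate` does not cover every range a deployment may want to exclude (for example 100.64.0.0/10 shared address space), so the egress filtering recommended above remains the backstop for anything the application-level list misses.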


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-03-04T17:23:59.799Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69aba2fec48b3f10ff3494bf

Added to database: 3/7/2026, 4:01:02 AM

Last enriched: 3/14/2026, 7:44:30 PM

Last updated: 4/21/2026, 2:09:36 AM

