Tencent WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, WeKnora contained a critical improper access control vulnerability (CWE-284) identified as CVE-2026-30855. The vulnerability resides in the tenant management endpoints, which lack proper authorization checks. This flaw allows any authenticated user to perform unauthorized actions such as reading, modifying, or deleting any tenant by specifying the tenant ID. Because WeKnora permits open public registration, an attacker can easily create an account without prior authorization and exploit this vulnerability to gain control over other tenants. This cross-tenant access enables attackers to take over accounts belonging to other tenants, potentially leading to data theft, unauthorized modifications, or complete destruction of tenant data. The vulnerability is remotely exploitable without user interaction and requires only low privileges (authenticated user). The CVSS v3.1 score is 8.8 (high), reflecting the critical impact on confidentiality, integrity, and availability. Tencent has addressed this issue in WeKnora version 0.3.2 by implementing proper authorization controls on tenant management endpoints. No known exploits in the wild have been reported yet, but the ease of exploitation and critical impact make this a significant threat to organizations using vulnerable versions of WeKnora.

The vulnerability allows attackers to bypass authorization controls and perform cross-tenant account takeover and data destruction. This compromises the confidentiality of sensitive tenant data, the integrity of documents and configurations, and the availability of tenant services. Organizations relying on WeKnora for document understanding and semantic retrieval risk severe operational disruption, data breaches, and loss of trust. Attackers can manipulate or delete tenant data, potentially causing cascading effects in multi-tenant environments. The open registration feature exacerbates the risk by enabling unauthenticated attackers to gain initial access easily. The impact extends to any organization using vulnerable WeKnora versions, especially those handling sensitive or regulated data. The critical nature of this vulnerability demands immediate remediation to prevent exploitation and potential widespread damage.

1. Upgrade WeKnora to version 0.3.2 or later, where the vulnerability is patched with proper authorization checks on tenant management endpoints. 2. If immediate upgrade is not possible, implement network-level access controls to restrict access to tenant management APIs only to trusted administrative users. 3. Enforce strong authentication and multi-factor authentication (MFA) for all user accounts to reduce the risk of account abuse. 4. Monitor tenant management endpoints for unusual activity, such as unauthorized read, modify, or delete requests across tenants. 5. Limit or disable public account registration if not required, or implement stricter validation and approval workflows for new accounts. 6. Conduct regular security audits and penetration testing focusing on access control mechanisms in multi-tenant environments. 7. Educate administrators and developers on secure coding practices to prevent improper access control vulnerabilities in future releases.