Tencent WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, it contained a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2026-30858, categorized under CWE-918. The vulnerability stems from a DNS rebinding attack targeting the web_fetch tool within WeKnora. During URL validation, the tool resolves a malicious domain to a public IP address, passing validation checks. However, during execution, the same domain resolves to a private IP address (e.g., 127.0.0.1 or 192.168.x.x), allowing the attacker to bypass URL validation and access internal network resources. This can lead to unauthorized access to sensitive local services and potential data exfiltration. The attack requires no user interaction and can be performed by an unauthenticated attacker with network access to the vulnerable server. The vulnerability affects all versions of WeKnora before 0.3.0 and has been addressed in the 0.3.0 release. The CVSS 3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and no user interaction required. The impact primarily affects confidentiality, with no direct impact on integrity or availability reported. No known exploits are currently observed in the wild.

The SSRF vulnerability in WeKnora allows attackers to access internal services that are typically protected from external access, including those bound to localhost or private IP ranges. This can lead to unauthorized disclosure of sensitive information residing on internal services, such as configuration data, credentials, or other private documents. Organizations using WeKnora in environments with sensitive internal services exposed to the vulnerable component face risks of data leakage and potential lateral movement within their networks if attackers leverage this access further. Since the vulnerability requires no user interaction and can be exploited remotely, it increases the attack surface significantly. The impact is especially critical for organizations relying on WeKnora for document understanding in regulated industries or those handling sensitive intellectual property. However, the lack of integrity or availability impact reduces the risk of destructive attacks. The absence of known exploits in the wild suggests limited active exploitation but does not eliminate the risk of future attacks.

To mitigate this vulnerability, organizations should upgrade Tencent WeKnora to version 0.3.0 or later, where the DNS rebinding issue in the web_fetch tool has been patched. Until upgrading is possible, administrators should implement network-level controls to restrict outbound HTTP requests from WeKnora to trusted domains only, effectively preventing SSRF exploitation. Additionally, deploying web application firewalls (WAFs) with rules to detect and block DNS rebinding patterns can reduce risk. It is also recommended to monitor logs for unusual outbound requests to private IP ranges and suspicious DNS resolution behavior. Network segmentation should be enforced to limit access to sensitive internal services from application servers running WeKnora. Finally, conducting regular security assessments and penetration tests focusing on SSRF vectors can help identify residual risks.