Tencent WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Versions prior to 0.3.0 contain a Server-Side Request Forgery (SSRF) vulnerability identified as CVE-2026-30858, categorized under CWE-918. The root cause is a DNS rebinding vulnerability in the web_fetch tool component. During URL validation, the tool resolves a domain name to a public IP address, allowing the URL to pass validation. However, during execution, the same domain resolves to a private IP address (e.g., 127.0.0.1 or 192.168.x.x), enabling the server to make unauthorized requests to internal resources. This bypasses intended URL validation and access controls. An unauthenticated attacker can exploit this by crafting malicious domains that switch DNS resolution from public to private IPs, gaining access to sensitive internal services that are normally inaccessible externally. Potential impacts include unauthorized data access, information disclosure, and possible lateral movement within the internal network. The vulnerability does not require user interaction but does require the attacker to send crafted requests to the vulnerable server. Tencent has patched this issue in WeKnora version 0.3.0. No known exploits are reported in the wild as of the publication date. The CVSS v3.1 score is 6.5, reflecting medium severity with high confidentiality impact but no integrity or availability impact. The attack vector is network-based with low attack complexity and requires low privileges.

The SSRF vulnerability in Tencent WeKnora can have significant impacts on organizations using affected versions. Attackers can leverage this flaw to access internal network resources that are otherwise protected by network segmentation or firewalls. This can lead to unauthorized disclosure of sensitive information hosted on internal services, such as databases, metadata endpoints, or administrative interfaces. In some environments, this could facilitate further attacks like privilege escalation or lateral movement if internal services are vulnerable. The confidentiality of internal data is at high risk, while integrity and availability impacts are minimal. Because the vulnerability is exploitable remotely without authentication or user interaction, it poses a substantial risk to exposed deployments. Organizations relying on WeKnora for document understanding and semantic retrieval may face data breaches or operational disruptions if attackers exploit this SSRF flaw. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as the vulnerability is publicly disclosed. Failure to patch promptly could expose organizations to targeted attacks or automated scanning by threat actors.

1. Upgrade Tencent WeKnora to version 0.3.0 or later, where the DNS rebinding SSRF vulnerability is patched. 2. Implement strict network segmentation and firewall rules to restrict server access to internal services, minimizing the impact of SSRF exploitation. 3. Employ DNS resolution policies or DNS pinning techniques to prevent DNS rebinding attacks, ensuring that domain names resolve consistently during validation and execution phases. 4. Use allowlists for outbound HTTP requests from the server, limiting requests only to trusted domains and IP ranges. 5. Monitor and log outbound requests from the WeKnora server to detect anomalous or unauthorized internal resource access attempts. 6. Conduct regular security assessments and penetration testing focusing on SSRF and DNS rebinding vectors in your environment. 7. Educate developers and administrators about SSRF risks and secure coding practices related to URL validation and DNS handling. 8. If upgrading immediately is not feasible, consider disabling or restricting the web_fetch tool functionality until a patch can be applied.