Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2
Critical1
High1
Medium0
Reset
Showing 1-2 of 2 records
Threat Entry Updated 2026-01-22

CVE-2026-22688 - WeKnora Plugin

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.

PLUGIN WeKnora

CVE-2026-22688

CRITICAL CVSS 9.9 2026-01-10
Open Full Technical Breakdown
Threat Entry Updated 2026-01-22

CVE-2026-22687 - WeKnora Plugin

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5.

PLUGIN WeKnora

CVE-2026-22687

HIGH CVSS 8.1 2026-01-10
Open Full Technical Breakdown
Scroll to top