CNNVD-202509-4043 Information
CNNVD ID
CNNVD-202509-4043
Related CVE
- CNNVD Published: 2025-09-26
Description (Chinese)
WeKnora是Tencent开源的一个基于LLM的框架,具有使用RAG范式进行深度文档理解、语义检索和上下文感知答案等功能。 WeKnora 0.1.0版本存在代码问题漏洞,该漏洞源于对文件/api/v1/initialization/embedding/test中参数baseUrl的错误操作,可能导致服务端请求伪造。
Description (English)
WeKnora is a Tencent open source LLM-based framework that uses the RAG paradigm for in-depth documentation understanding, semantic retrieval, and context perception answers. Version 1.0.0 of WeKnora has a code problem loophole, which stems from the mishandling of the parameter BaseUrl in document/api/v1/initiation/embeding/test, which may lead to the forgery of service requests.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
腾讯
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/Hebing123/cve/issues/90 https://vuldb.com/?ctiid.326083 https://vuldb.com/?id.326083 https://vuldb.com/?submit.658926 https://access.redhat.com/security/cve/cve-2025-11046
Patch
https://github.com/Tencent/WeKnora/releases
Share on: