CNNVD-202601-1744 Information
CNNVD ID
CNNVD-202601-1744
Related CVE
-
CNNVD Published: 2026-01-10
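Description (translated from Chinese)
WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval, and context-aware answers using the RAG paradigm. Versions of WeKnora before 0.2.5 contain a SQL injection vulnerability, which stems from insufficient backend validation and may lead to bypassing query restrictions and obtaining sensitive information.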
Description (English)
WeKnora is an open-source, LLM-based framework from Tencent that uses the RAG paradigm for in-depth document understanding, semantic retrieval, and context-aware answers. Versions of WeKnora before 0.2.5 have a SQL injection vulnerability, which stems from insufficient back-end validation and could lead to bypassing query restrictions and obtaining sensitive information.
Hazard Level
Medium
Vulnerability Type
SQL injection
Affected Vendor
Tencent
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/Tencent/WeKnora/commit/da55707022c252dd2c20f8e18145b2d899ee06a1
https://github.com/Tencent/WeKnora/security/advisories/GHSA-pcwc-3fw3-8cqv
Patch
https://github.com/Tencent/WeKnora/releases