What is CVE-2026-22687?

CVE-2026-22687 is a medium-severity vulnerability in Tencent Weknora, classified under SQL Injection. CVSS score: 5.6/10. Published 2026-01-10.

How severe is CVE-2026-22687?

Medium severity. CVSS v3 base score is 5.6 out of 10.

SQL Injection in Tencent Weknora

CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient back…

Vulnerability class: SQL Injection

EPSS: 0.000 (11.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.6 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Tencent Weknora — versions < 0.2.5

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/Tencent/WeKnora/security/advisories/GHSA-pcwc-3fw3-8cqv (x_refsource_CONFIRM)
https://github.com/Tencent/WeKnora/commit/da55707022c252dd2c20f8e18145b2d899ee06a1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-22687?: CVE-2026-22687 is a medium-severity vulnerability in Tencent Weknora, classified under SQL Injection. CVSS score: 5.6/10. Published 2026-01-10.
How severe is CVE-2026-22687?: Medium severity. CVSS v3 base score is 5.6 out of 10.