What is CVE-2026-30855?

CVE-2026-30855 is a high-severity vulnerability in Tencent Weknora, classified under Improper Access Control. CVSS score: 8.8/10. Published 2026-03-07.

How severe is CVE-2026-30855?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Tencent Weknora

CVE-2026-30855

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.2, an authorization bypass in tenant management endpoints of WeKnora application allows any authenticated user to rea…

EPSS: 0.002 (38.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Tencent Weknora — versions < 0.3.2

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/Tencent/WeKnora/security/advisories/GHSA-ccj6-79j6-cq5q (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-30855?: CVE-2026-30855 is a high-severity vulnerability in Tencent Weknora, classified under Improper Access Control. CVSS score: 8.8/10. Published 2026-03-07.
How severe is CVE-2026-30855?: High severity. CVSS v3 base score is 8.8 out of 10.