A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://gist.github.com/YLChen-007/1cdc50418f29af7ae671466425e52c7b | Exploit Third Party Advisory |
| https://vuldb.com/submit/812172 | Exploit Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/364410 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/364410/cti | Permissions Required VDB Entry |
Configurations
History
19 May 2026, 14:30
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:tencent:weknora:*:*:*:*:*:*:*:* | |
| References | () https://gist.github.com/YLChen-007/1cdc50418f29af7ae671466425e52c7b - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/submit/812172 - Exploit, Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/364410 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/364410/cti - Permissions Required, VDB Entry | |
| First Time |
Tencent weknora
Tencent |
18 May 2026, 04:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-18 04:16
Updated : 2026-05-19 14:30
NVD link : CVE-2026-8786
Mitre link : CVE-2026-8786
CVE.ORG link : CVE-2026-8786
JSON object : View
Products Affected
tencent
- weknora