{"data":{"id":"537185db-2974-4598-998e-7f41d17e01d1","title":"GHSA-8w32-6mrw-q5wv: WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool","summary":"WeKnora's AI database query tool has a critical Remote Code Execution (RCE, where an attacker can run commands on a system they do not control) vulnerability caused by incomplete validation in its SQL injection protection system. The validation framework does not inspect PostgreSQL array expressions and row expressions, so dangerous functions hidden inside these expressions pass through all seven security phases unchecked, leading to arbitrary code execution on the database server.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-8w32-6mrw-q5wv","publishedAt":"2026-03-06T23:59:20.000Z","cveId":"CVE-2026-30860","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":["github.com/Tencent/WeKnora@<= 2.0.11"],"affectedVendors":[],"affectedVendorsRaw":["WeKnora","GLM","Z.AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0016,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}