{"data":{"id":"a67ea3b7-f725-466d-9959-27a0b8b5bcdc","title":"GHSA-ccj6-79j6-cq5q: WeKnora Vulnerable to Broken Access Control in Tenant Management","summary":"WeKnora has a broken access control vulnerability (BOLA, or broken object-level authorization, where an attacker can access resources they shouldn't by manipulating object IDs) in its tenant management system that allows any authenticated user to read, modify, or delete any tenant without permission checks. Since anyone can register an account, attackers can exploit this to take over or destroy other organizations' accounts and access their sensitive data like API keys.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-ccj6-79j6-cq5q","publishedAt":"2026-03-06T23:53:53.000Z","cveId":"CVE-2026-30855","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":["github.com/Tencent/WeKnora@< 0.3.1 (fixed: 0.3.1)"],"affectedVendors":[],"affectedVendorsRaw":["WeKnora"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00114,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}