AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-2f4c-vrjq-rcgv: WeKnora has Broken Access Control - Cross-Tenant Data Exposure

highvulnerabilityLLM-Specific

security

Source: GitHub Advisory DatabaseMarch 6, 2026CVE-2026-30859

Summary

WeKnora has a broken access control vulnerability (a security flaw where the application fails to properly check permissions) that lets any logged-in user from one tenant (a separate customer or organization) read sensitive data from other tenants' databases, including API keys (credentials for accessing external services), model configurations, and private messages. The problem happens because three database tables (messages, embeddings, models) are allowed to be queried but don't have automatic tenant filtering applied to them.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Data Extraction

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Affected Packages

github.com/Tencent/WeKnora@<= 2.0.11

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: March 6, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 95%