Severity:
CRITICAL RISK
(9.9)
Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora
CVE-2026-30861
Published:
Mar 7, 2026
Status:
Received
Summary
Affected Context
Exploit Preconditions
Why This Happens
Potential Impact
General Mitigation Guidance
How Teams Detect Issues Like This
Frequently Asked Questions
Source
NDV
Recent Vulnerabilities
CWE-89
(9.9)
SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine
Remote Code Execution via SQL Injection on the Database Server
March 7, 2026
CWE-284
(8.8)
Authorization Bypass in Tenant Management (CWE-284) in WeKnora
Cross-Tenant Account Takeover and Data Destruction
March 7, 2026
