CVE-2026-8786

MEDIUM 6.3

Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

10th

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE	CWE-639 CWE-285
Vendor	tencent
Product	weknora
Published	May 18, 2026
Last Updated	May 18, 2026

Stay Ahead of the Next One

Get instant alerts for tencent weknora

Be the first to know when new medium vulnerabilities affecting tencent weknora are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Tencent / WeKnora

0.3.0 0.3.1 0.3.2 0.3.3 0.3.4 0.3.5 0.3.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/364410 vuldb.com: https://vuldb.com/vuln/364410/cti vuldb.com: https://vuldb.com/submit/812172 gist.github.com: https://gist.github.com/YLChen-007/1cdc50418f29af7ae671466425e52c7b

Credits

🔍 Eric-z (VulDB User) VulDB CNA Team