CVE-2026-30858
Title: DNS Rebinding in web_fetch tool
Proof Of Concept
No public PoC currently indexed for CVE-2026-30858.
Vulnerability Summary
CVE-2026-30858: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a DNS rebinding vulnerability in the web_fetch tool allows an unauthenticated attacker to bypass URL validation and access internal resources on the server, including private IP addresses (e.g., 127.0.0.1, 192.168.x.x). By crafting a malicious domain that resolves to a public IP during validation and subsequently resolves to a private IP during execution, an attacker can access sensitive local services and potentially exfiltrate data. This issue has been patched in version 0.3.0.
Impacted Vendors
Reference Links
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2026-30858 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Attack Vector Matrix
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Stack
No specific products linked.