CVE-2026-8786 | Tencent WeKnora up to 0.3.6 Config API Endpoint initialization.go getKnowledgeBaseForInitialization kbId authorization

A vulnerability has been found in Tencent WeKnora up to 0.3.6 and classified as critical. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass.

This vulnerability is traded as CVE-2026-8786. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8786 | Tencent WeKnora up to 0.3.6 Config API Endpoint initialization.go getKnowledgeBaseForInitialization kbId authorization

Post correlati

CVE-2023-25176 | OpenHarmony up to 3.2.4 out-of-bounds

CVE-2025-7562 | PHPGurukul Online Fire Reporting System 1.2 /admin/new-requests.php teamid sql injection

CVE-2023-41993 | Oracle Java SE/GraalVM Enterprise Edition JavaFX WebKitGTK unusual condition

CVE-2024-47555 | Xerox FreeFlow Core up to 7.0.10 Configuration missing authentication