DNS Rebinding Vulnerability in WeKnora Framework by Tencent

CVE-2026-30858

What is CVE-2026-30858?

The WeKnora framework, developed by Tencent for enhanced document understanding, contains a vulnerability in the web_fetch tool prior to version 0.3.0. This flaw allows unauthenticated attackers to exploit DNS rebinding techniques to circumvent URL validation. By directing valid requests to a malicious domain that points to a public IP during validation and resolves to a private IP during execution, attackers can gain unauthorized access to sensitive internal resources, including local services and private IP addresses. This weakness poses significant risks as it may enable potential data exfiltration. The issue has been resolved in the updated version 0.3.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References