CVE-2026-22688: #CommandInjection in #MCP stdio configuration in #WeKnora. Authenticated users can inject commands into the MCP stdio settings, causing the server to create subprocesses and executing the injected commands. buff.ly/CyMafWP

Update to v0.2.5 or higher!

🚨 Alert #WeKnora users! 2 High Severity #CVEs were released.
CVE-2026-22687: #SQLi in the Agent service DB query tool. Due to insufficient backend checks an attacker can use prompt‑based bypass to avoid query restrictions and obtain sensitive information from the server and DB. buff.ly/kQXicrG