CVE-2026-22688 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-22688 at MITRE

Description

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5.

Other Security Trackers

EUVD-2026-1879

SUSE information

Overall state of this security issue: Does not affect SUSE products

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References

SUSE Timeline for this CVE

CVE page created: Sat Jan 10 06:02:33 2026
CVE page last modified: Fri May 8 11:57:49 2026