CVE-2026-30861

WeKnora · WeKnora LLM Framework

An unauthenticated remote code execution vulnerability in WeKnora allows attackers to bypass command validation by using the -p flag with npx node, leading to complete system compromise.

Executive summary

WeKnora is susceptible to a critical unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands with full application privileges.

Vulnerability

The vulnerability is located in the MCP stdio configuration validation. An unauthenticated remote attacker can bypass existing blacklists and whitelists by using the -p flag with npx node to execute arbitrary commands on the underlying server.

Business impact

This flaw poses an extreme risk to data confidentiality, integrity, and availability. Successful exploitation grants the attacker the same privileges as the application, enabling them to steal sensitive documents, modify data, or move laterally within the network. The CVSS score of 9.9 underscores the critical risk associated with unauthenticated RCE.

Remediation

Immediate Action: Upgrade WeKnora to version 0.2.10 or later to apply the necessary validation fixes.

Proactive Monitoring: Audit application logs for suspicious npx or uvx command executions and monitor for unauthorized user registrations.

Compensating Controls: Implement strict network egress filtering to prevent the application from communicating with malicious external servers during a potential exploit.
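For the proactive-monitoring step above, the following added example (not WeKnora code) audits recorded MCP stdio launches for an npx or uvx launcher that starts node with an inline-evaluation flag. The JSON record shape (command plus args list) and the sample records are assumptions constructed for illustration, and the check also covers node's -e/--eval options and clustered short flags, which goes beyond the single -p case named in this advisory.

```python
import json
import os

LAUNCHERS = {"npx", "uvx"}           # launchers named in the advisory
NODE_NAMES = {"node", "nodejs"}
INLINE_LONG = ("--print", "--eval")  # node's long inline-evaluation options
INLINE_SHORT = set("pe")             # -p, -e and clusters such as -pe

def _base(token):
    """Normalise '/usr/bin/npx', 'NPX.cmd' or 'node@20' to a bare name."""
    name = os.path.basename(token.replace("\\", "/")).lower()
    if name.endswith((".cmd", ".exe")):
        name = name.rsplit(".", 1)[0]
    return name.split("@")[0]

def inline_eval_flags(command, args):
    """Return node inline-evaluation flags found in a launcher invocation."""
    if _base(command) not in LAUNCHERS:
        return []
    # node may follow launcher options such as -y, so search the whole argv.
    idx = next((i for i, a in enumerate(args) if _base(a) in NODE_NAMES), None)
    if idx is None:
        return []
    hits = []
    for arg in args[idx + 1:]:
        if arg == "--":
            break  # everything after -- is passed to the script
        if arg.startswith(INLINE_LONG):
            hits.append(arg)
        elif arg.startswith("-") and not arg.startswith("--") \
                and INLINE_SHORT & set(arg[1:]):
            hits.append(arg)
    return hits

def scan(lines):
    """Return (line_number, command, flags) for every flagged JSON record."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except ValueError:
            continue  # not a JSON record; skip
        if not isinstance(record, dict):
            continue
        command = str(record.get("command", ""))
        flags = inline_eval_flags(command, [str(a) for a in record.get("args") or []])
        if flags:
            findings.append((number, command, flags))
    return findings

SAMPLE = [  # constructed records, assumed shape
    '{"command": "npx", "args": ["-y", "@example/mcp-server", "--port", "8080"]}',
    '{"command": "npx", "args": ["node", "-p", "<expression>"]}',
    '{"command": "/usr/bin/npx", "args": ["--yes", "node", "--print=<expression>"]}',
    '{"command": "uvx", "args": ["example-tool", "--help"]}',
]
```

The rule errs toward over-flagging: a script argument such as -verbose placed after the script name also matches, so findings need review before action.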

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the unauthenticated nature of this RCE and the high CVSS score, this vulnerability must be treated as a top priority. Organizations using WeKnora should update to version 0.2.10 immediately to mitigate the risk of total system takeover.