CVE-2025-11046 | Tencent WeKnora 0.1.0 test testEmbeddingModel baseUrl server-side request forgery

A vulnerability categorized as critical has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery.

This vulnerability is reported as CVE-2025-11046. The attack can be launched remotely. Moreover, an exploit is present.

It is advisable to upgrade the affected component.

The vendor responds: “We have confirmed that the issue mentioned in the report does not exist in the latest releases”.VulDB Recent EntriesRead More