WeKnora Unauthenticated Remote Code Execution Vulnerability in MCP Stdio Configuration Validation

A critical unauthenticated remote code execution vulnerability has been identified in WeKnora versions 0.2.5 prior to 0.2.10. The issue arises in the MCP stdio configuration validation, where an open registration policy allows attackers to create accounts and exploit a command injection flaw. Although the application implemented a whitelist for allowed commands and blacklists for dangerous arguments and environment variables, the validation could be bypassed using the -p flag with npx node. This exploitation enables arbitrary command execution with the application's privileges, potentially leading to complete system compromise.

Impact

Exploitation of this vulnerability allows unauthenticated remote code execution, leading to full server compromise. An attacker could execute arbitrary commands with application privileges, causing a complete data breach, system compromise, and allowing the installation of malware or ransomware. Additionally, this vulnerability could be exploited to move laterally to internal systems.

Reproduction

To reproduce this vulnerability, register a new account on a WeKnora instance running a vulnerable version. After registration, create a malicious MCP service that uses the 'stdio' transport type. In the service configuration, specify 'npx' as the command and include a JavaScript payload in the arguments that writes a file to the server, such as '/tmp/pwned.txt'. Once the service is created, it can be tested, triggering the execution of the payload and confirming the exploitation of the vulnerability.

Remediation

Users are advised to upgrade to WeKnora version 0.2.10 or later.