WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250)

Detects exploitation of CVE-2026-22688 in Tencent WeKnora. The MCP plugin loader reads server configuration from user-writable JSON / YAML files without authentication or origin verification and treats the command field as an OS-exec target. An attacker who can write to the config directory (e.g. via a shared volume, a supply-chain commit, or a cross-tenant misconfiguration) achieves persistent RCE on the WeKnora host the next time the loader runs. This is the same root-cause class as the OX-disclosure 2026-04-15 batch, but the delivery vector is config-file injection rather than HTTP registration.
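A defender-side audit of the condition described above, as an added example that is not WeKnora code or part of this rule: it flags config files (or their directory) that are writable by group/other, and any `command` value outside an allowlist. The `mcpServers` layout, the allowlist contents, and the function names are assumptions; the page names only the `command` field, and only JSON is handled here.

```python
import json, os, stat, tempfile
from pathlib import Path

# Assumption: the only launchers this deployment expects MCP servers to use.
ALLOWED_COMMANDS = {"npx", "uvx", "python3"}

def audit_mcp_config(path, allowed=ALLOWED_COMMANDS):
    """Return findings for one JSON config file (assumed 'mcpServers' layout)."""
    path = Path(path)
    findings = []
    # Whoever can modify the file, or replace it in its directory, controls 'command'.
    for target in (path, path.parent):
        mode = target.stat().st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: writable by group/other ({stat.filemode(mode)})")
    try:
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:
        return findings + [f"{path}: unreadable or invalid JSON ({exc})"]
    servers = doc.get("mcpServers") if isinstance(doc, dict) else None
    for name, entry in (servers.items() if isinstance(servers, dict) else []):
        command = entry.get("command") if isinstance(entry, dict) else None
        # Exact match only: absolute paths and shells fail unless explicitly listed.
        if command is not None and not (isinstance(command, str) and command in allowed):
            findings.append(f"{path}: server {name!r} runs {command!r}, not in allowlist")
    return findings

def write_sample(file_mode, extra_command):
    """Constructed sample config in a fresh 0700 temp directory."""
    cfg = Path(tempfile.mkdtemp()) / "mcp.json"
    cfg.write_text(json.dumps({"mcpServers": {
        "docs": {"command": "npx", "args": ["example-mcp-server"]},
        "extra": {"command": extra_command, "args": []},
    }}), encoding="utf-8")
    os.chmod(cfg, file_mode)
    return cfg

if __name__ == "__main__":
    for finding in audit_mcp_config(write_sample(0o666, "/tmp/unknown-tool")):
        print(finding)
```

Running the audit before each loader start, and refusing to start on any finding, closes the window between a config write and the next load.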

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250) | Agent Threat Rules | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 1 |
| WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250) | Agent Threat Rules | ML Supply Chain Compromise (d2cf31e0-a550-4fe0-8fdb-8941b3ac00d9) | MITRE ATLAS Attack Pattern | 1 |
| WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250) | Agent Threat Rules | AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) | MITRE ATLAS Attack Pattern | 1 |
| WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250) | Agent Threat Rules | Event Triggered Execution - T1546 (b6301b64-ef57-4cce-bb0b-77026f14a8db) | Attack Pattern | 1 |
| WeKnora MCP Config-Driven RCE (CVE-2026-22688) - ATR-2026-00418 (0850c535-4ee8-56fc-a77b-fbfee0373250) | Agent Threat Rules | Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) | Attack Pattern | 1 |