A user with no role is able to see the knowledge article with a particular category even when "can contribute" user criteria is set for the knowledge base.

User was allowed read access to the knowledge base because "Can Read" user criteria was not set for this knowledge base and glide.knowman.block_access_with_no_user_criteria is set to false.

As clearly documented - https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/knowledge-management/task/t_SelectUserCriteria.html

When the Can Read user criteria for a knowledge base isn't set, the glide.knowman.block_access_with_no_user_criteria property value is further evaluated to determine read access, as explained in the following table.

If set to false - All users, including unauthenticated users, have read access to the knowledge base and the article-level user criteria are further evaluated

1. Go to knowledge base
2. In the related list - "can read" , click edit or create new to provide a proper user criteria
3. save and clear instance cache.
4. test the issue.