EUVD-2026-31983

🗓️ 26 May 2026 20:09:25Reported by EUVDType

MaxKB versions before 2.8.1 have an SSRF in chat/api/oss/get_url from URL parsing; fixed in 2.8.1.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-42335	26 May 202620:09	–	attackerkb
CNNVD	MaxKB 代码问题漏洞	26 May 202600:00	–	cnnvd
CVE	CVE-2026-42335	26 May 202620:09	–	cve
Cvelist	CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy	26 May 202620:09	–	cvelist
NVD	CVE-2026-42335	26 May 202621:16	–	nvd
Positive Technologies	PT-2026-43396	26 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-42335	27 May 202620:13	–	redhatcve
Vulnrichment	CVE-2026-42335 MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy	26 May 202620:09	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "61bf320e-77d7-31af-bda0-6d9a7cd6af71",
        "vendor": {
          "name": "1Panel-dev"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "d16a3bc0-9641-3405-abc7-455d9c4f39da",
        "product": {
          "name": "MaxKB",
          "vendor": {
            "name": "1Panel-dev"
          }
        },
        "product_version": "< 2.8.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/1Panel-dev/MaxKB/security/advisories/GHSA-r8hf-mwwr-hxgc

26 May 2026 20:09Current

5.8Medium risk

Vulners AI Score5.8

CVSS 46.3

EPSS0.0022