16 matches found
EUVD-2026-31985
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via workflowtemplate Import. Authenticated users can supply arbitrary URLs in workflowtemplate.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in...
EUVD-2026-31983
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch chat/api/oss/geturl endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse...
PT-2026-43396
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.8.1. Description: An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...
PT-2026-43398
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.8.1. Description: Broken access control exists in the OSS file service URL fetch API endpoint "chat/api/oss/get url". The system uses the application id variable from the URL path without validating ownership, which...
Securing Autonomous AI Agents with TrendAI & NVIDIA OpenShell
Learn how TrendAI and NVIDIA OpenShell help secure autonomous AI agents and build trusted enterprise AI systems with stronger visibility and control...
AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
The Rise of MCPs in the Enterprise. The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automa...
CVE-2025-66419
CVE-2025-66419 affects MaxKB: the tool module in versions 2.3.1 and earlier allows an attacker to escape the sandbox and escalate privileges under certain concurrent conditions. Consequences are privilege elevation and potential broader impact within affected deployments. The issue has a fixed re...
PT-2025-50768
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.4.0. Description: MaxKB, an open-source AI assistant for enterprise, contains a flaw in the tool module that allows an attacker to escape the sandbox environment and gain elevated privileges. This occurs under specific...
CVE-2025-64703
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information through Python code in the tool module, even though the process runs in a sandbox. Version 2.3.1 fixes the issue...
EUVD-2025-175301
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information through Python code in the tool module, even though the process runs in a sandbox. Version 2.3.1 fixes the issue...
CVE-2025-64511
MaxKB is vulnerable in versions prior to 2.3.1 due to SSRF in the tool module’s Python code, which can access internal network services (e.g., databases) even though the process runs in a sandbox. The issue is resolved in version 2.3.1. Connected sources corroborate the sandboxed Python-access pa...
EUVD-2025-175302
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...
PT-2025-46859
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.3.1. Description: MaxKB, an open-source AI assistant for enterprise, allows a user to access internal network services, such as databases, through Python code within the tool module. This process operates within a sandb...
The State of Enterprise AI: Why Edge Native Is the Fastest Path to ROI
...
Wiz Integrates with NVIDIA Enterprise AI Factory Validated Design
Wiz is now included in the NVIDIA Enterprise AI Factory validated design, integrating with NVIDIA AI to help developers securely build and deploy enterprise AI agents at scale...
Securing AI Innovation: Enterprise Strategies for LLM and Generative AI Security
The adoption of Large Language Models (LLMs) and Generative AI is revolutionizing enterprise operations, delivering unmatched innovation, efficiency, and competitive advantage. However, this rapid integration brings significant AI security challenges that organizations must address. Insights from...