
6 matches found

ATTACKERKB
added 2026/04/12 12:45 a.m. · 0 views

CVE-2026-6107

A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chatheadersmiddleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta...

CVSS 5.1 · AI score 4.5 · EPSS 0.00038
Exploits: 0 · References: 9 · Affected Software: 1

CNNVD
added 2026/04/12 12:0 a.m. · 2 views

MaxKB Operating System Command Injection Vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.6.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the execute function in the Model...

CVSS 6.5 · AI score 6.9 · EPSS 0.00421
Exploits: 0 · References: 5

Cvelist
added 2025/12/11 9:47 p.m. · 16 views

CVE-2025-66446 MaxKB has a Python sandbox LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0...

CVSS 8.8 · EPSS 0.00035
Exploits: 0 · References: 2

NVD
added 2025/11/13 4:15 p.m. · 4 views

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...

CVSS 8.8 · EPSS 0.00056
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/03 12:0 a.m. · 3 views

PT-2025-23652 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.10.8-lts

Description: The issue allows attackers to exploit certain files with execution permissions in non-blacklisted directories to carry out attacks, as the Sandbox only restricts the execution permissions of...

CVSS 8.8 · AI score 6.5 · EPSS 0.0047
Exploits: 1 · References: 9

Positive Technologies
added 2025/01/02 12:0 a.m. · 3 views

PT-2025-3195 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.9.0

Description: MaxKB is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation. A remote command execution issue existed in the function library...

CVSS 7.2 · AI score 7.9 · EPSS 0.05842
Exploits: 1 · References: 7