Lucene search
+L

8 matches found

NVD
NVD
added 2026/07/10 4:16 p.m.7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/10 3:5 p.m.30 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/10 3:5 p.m.8 views

EUVD-2026-42924

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 3:5 p.m.4 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 3:5 p.m.12 views

CVE-2026-54149

MaxKB is affected by CVE-2026-54149 prior to version 2.10.0-lts. The vulnerability resides in tool import validation (apps/tools/serializers/tool.py) and MCP referencing mode (apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py), where MCP transport type is not consistently valid...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.9 views

PT-2026-57209

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.10.0-lts Description An issue exists where the tool import functionality in apps/tools/serializers/tool.py and the MCP referencing mode in apps/application/chat pipeline/step/chat step/impl/base chat step.py do not...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS5.6AI score0.00246EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:25 p.m.6 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS5.8AI score0.00246EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder