Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/26 2:42 p.m.37 views

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS0.00194EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS5.6AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.12 views

PT-2026-32583

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

3.1CVSS5.9AI score0.00222EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the possibility of bypassing sandbox result validation, which could allow...

3.1CVSS5.9AI score0.00222EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/10 6:46 p.m.5 views

CVE-2026-27826

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

8.2CVSS5.9AI score0.14958EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/04 7:28 p.m.2 views

GHSA-JJGJ-CPP9-CVPV OpenClaw Vulnerable to Local File Exfiltration via MCP Tool Result MEDIA: Directive Injection

Summary A malicious or compromised MCP Model Context Protocol tool server can exfiltrate arbitrary local files from the host system by injecting MEDIA: directives into tool result text content. OpenClaw's tool result processing pipeline extracts file paths from MEDIA: tokens without source-level...

6.9CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder