CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/26 8:14 p.m.•17 views

CVE-2026-45412

MaxKB (enterprise AI) is affected by SSRF in the work_flow_template component prior to version 2.9.1. An authenticated user could supply arbitrary URLs to work_flow_template.downloadUrl, and the server would fetch them without URL validation or internal IP filtering, enabling server-side requests...

ATTACKERKB•added 2026/05/26 8:14 p.m.•5 views

CVE-2026-45412

Exploits0References2Affected Software1

Cvelist•added 2026/05/26 8:14 p.m.•33 views

CVE-2026-45412 MaxKB: Unauthenticated SSRF via Workflow Template Import

6.3CVSS0.00207EPSS

EUVD•added 2026/05/26 8:14 p.m.•11 views

EUVD-2026-31985

Positive Technologies•added 2026/05/26 12:0 a.m.•10 views

PT-2026-43405

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work flow template Import. Authenticated users can supply arbitrary URLs in work flow template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed i...

CNNVD•added 2026/05/26 12:0 a.m.•10 views

Exploits0References2

MaxKB 代码问题漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.9.1 contained code vulnerabilities. These vulnerabilities stemmed from the work-flowtemplate import feature, where authenticated users could provide...

6.3CVSS6AI score0.00207EPSS

SUSE CVE•added 2026/03/25 12:24 a.m.•3 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS5.9AI score0.00272EPSS

Exploits1References3

OSV•added 2026/03/11 7:29 p.m.•4 views

GHSA-3WF5-G532-RCRR Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...

8.9CVSS5.8AI score0.00272EPSS

Exploits1References3

Github Security Blog•added 2026/03/11 7:29 p.m.•5 views

Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

8.9CVSS5.8AI score0.00272EPSS

Exploits1References3Affected Software3

Cvelist•added 2026/03/11 3:41 p.m.•29 views

CVE-2026-31892 WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode

8.9CVSS0.00272EPSS

Exploits1References1

Snyk•added 2026/03/11 2:49 p.m.•2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the workflowtemplateserver and clusterworkflowtemplateserver components. An attacker can obtain sensitive information, such as embedded secrets and resource manifests, by sending unauthorized requests with a...

9.8CVSS5.8AI score0.00475EPSS

Snyk•added 2026/03/11 2:49 p.m.•1 views

Information Exposure

9.8CVSS5.8AI score0.00475EPSS

Snyk•added 2026/03/11 2:49 p.m.•3 views

Information Exposure

9.8CVSS5.8AI score0.00475EPSS

CNNVD•added 2026/03/11 12:0 a.m.•4 views

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions prior to Argo Workflows 4.0.2 and 3.7.11 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users to bypass all security settings in the...

8.9CVSS7.3AI score0.00272EPSS