20 matches found
CVE-2025-4546
CVE-2025-4546 affects 1Panel-dev MaxKB, specifically the Knowledge Base Module up to version 1.10.7. The issue enables csv injection via an unknown functionality in the Knowledge Base Module, with remote exploitation possible. Upgrading to version 1.10.8 addresses the vulnerability. If applying r...
CVE-2025-32383
MaxKB (Max Knowledge Base) has a reverse shell vulnerability in the function library module that could allow privileged users to create a reverse shell. The issue is fixed in version 1.10.4-lts. Affected software is MaxKB; root cause details are not elaborated in the provided documents. Remediati...
CVE-2024-56137
CVE-2024-56137 affects MaxKB (open source knowledge-base Q&A with LLM and RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module, allowing privileged users to execute OS commands within custom scripts. The issue has been fixed in v1.9.0. Curre...
CVE-2025-48950
MaxKB (open-source AI assistant) prior to version 1.10.8-lts is affected by a sandbox bypass in the Python function library: the sandbox only enforces execution permissions for binaries in common directories (e.g., /bin, /usr/bin), allowing attackers to exploit files with execution permission in ...
CVE-2026-39425
CVE-2026-39425 affects MaxKB (enterprise AI assistant). Versions 2.7.1 and earlier allow Stored XSS via unsanitized tags in the Application prologue, stored through /admin/api/workspace/{workspace_id}/application and rendered by the frontend via innerHTML, enabling persistent XSS and potential s...
CVE-2026-39424
MaxKB (1Panel-dev) has a CSV-injection vulnerability in the chat export feature for versions 2.7.1 and earlier. When exporting chat history to .xlsx via /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export, strings beginning with formula characters are written without sani...
CVE-2025-64511
MaxKB is vulnerable in versions prior to 2.3.1 due to SSRF in the tool module’s Python code, which can access internal network services (e.g., databases) even though the process runs in a sandbox. The issue is resolved in version 2.3.1. Connected sources corroborate the sandboxed Python-access pa...
CVE-2026-39417
Affected software : MaxKB, specifically versions 2.7.1 and earlier. Vulnerability details : An incomplete fix for CVE-2025-53928 leaves a Remote Code Execution in the MCP node of the workflow engine. The fix only patched the path loading MCP config from the database; the else branch that loads mc...
CVE-2025-53927
MaxKB before 2.0.0 has a sandbox bypass where the security design restricts only a specific directory’s execution permissions. An attacker can abuse Python’s shutil.copy2 to copy a command into the executable directory, bypassing the directory restrictions and enabling a reverse shell. Affected p...
CVE-2025-64703
MaxKB (open‑source enterprise AI assistant) contains an information disclosure vulnerability in versions prior to 2.3.1. The issue arises from Python code in the tool module, where a user can obtain sensitive information despite the process running in a sandbox. The root cause is effectively a sa...
CVE-2025-53928
MaxKB has a Remote Command Execution vulnerability in the MCP call present in versions prior to 1.10.9-lts and 2.0.0. The issue is fixed in 1.10.9-lts and 2.0.0. No exploitation details are provided beyond this, and remediation is to upgrade to the fixed versions.
CVE-2026-39423
Summary (CVE-2026-39423) MaxKB (enterprise open‑source) × affected version: 2.7.1 and earlier. A vulnerability in the Markdown rendering engine enables an Eval Injection that lets any user in the AI chat interface execute arbitrary JavaScript in other users’ browsers, including administrators, le...
CVE-2026-39422
MaxKB vulnerability CVE-2026-39422 is a Stored XSS in versions 2.7.1 and earlier, triggered via the application name or icon fields when creating an application. When users visit the public chat interface (/ui/chat/{access_token}), ChatHeadersMiddleware retrieves application data and directly ins...
CVE-2026-39419
MaxKB (enterprise open-source AI assistant)
CVE-2026-39418
CVE-2026-39418 MaxKB is affected in versions ≤ 2.7.1 where the sandbox’s network protection can be bypassed. An authenticated user with tool-editing permissions can reach internal services blocked by the sandbox by using socket.sendto() with the MSG_FASTOPEN flag. MaxKB’s sandbox relies on LD_PRE...
CVE-2026-39421
CVE-2026-39421 affects MaxKB (versions 2.7.1 and earlier). The sandbox escape occurs in ToolExecutor via Python ctypes calling raw syscalls to bypass LD_PRELOAD sandbox.so, enabling arbitrary code execution through direct kernel syscalls and potential full container/network compromise. The librar...
CVE-2025-66419
CVE-2025-66419 affects MaxKB: the tool module in versions 2.3.1 and earlier allows an attacker to escape the sandbox and escalate privileges under certain concurrent conditions. Consequences are privilege elevation and potential broader impact within affected deployments. The issue has a fixed re...
CVE-2025-66446
MaxKB (enterprise AI assistant) versions 2.3.1 and earlier are affected by improper file permissions that allow overwriting the built-in dynamic linker and other critical files, potentially enabling privilege escalation. The issue is fixed in version 2.4.0. Affected component: file permissions go...
CVE-2026-39420
CVE-2026-39420 (MaxKB) affects MaxKB
CVE-2026-39426
MaxKB (enterprise open-source AI assistant) contains a Stored XSS in versions 2.7.1 and earlier. The vulnerability arises in MdRenderer.vue, which parses custom tags from LLM responses or Prologue configurations and bypasses Markdown sanitization. Unsanitized HTML is passed to IframeRender.vue a...