1Panel-Dev Maxkb vulnerabilities
30 known vulnerabilities affecting 1panel-dev/maxkb.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 10, MEDIUM 14, LOW 4
Vulnerabilities
CVE-2025-53928 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 2.8.0 | 2025-07-17
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.
nvd
CVE-2025-66419 | P3 | CRITICAL | CVSS 10.0 | CWE-362 | fixed in 2.4.0 | 2025-12-11
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
nvd
CVE-2025-4546 | P3 | HIGH | CVSS 8.8 | CWE-74 | fixed in 2.8.0 | 2025-05-11
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.
nvd
CVE-2025-64511 | P3 | HIGH | CVSS 8.8 | CWE-918 | fixed in 2.3.1 | 2025-11-13
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.
nvd
CVE-2025-66446 | P3 | HIGH | CVSS 7.5 | CWE-362 | fixed in 2.4.0 | 2025-12-11
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
nvd
CVE-2026-39420 | P3 | HIGH | CVSS 7.4 | CWE-78 | fixed in 2.8.0 | 2026-04-14
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By using the env command, the attacker can clear the environment variables and drop the sandbox.so hook, leading to unrestricted Remote Code
nvd
CVE-2026-44847 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 2.9.0 | 2026-05-26
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Django REST Framework interprets as successful authentication. Combined with optional per-trigger token verifi
nvd
CVE-2026-6108 | P3 | MEDIUM | CVSS 6.3 | CWE-77 | v2.6.0, v2.6.1 | 2026-04-12
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has bee
nvd
CVE-2025-48950 | P3 | HIGH | CVSS 8.8 | CWE-276 | fixed in 1.10.8-lts | 2025-06-03
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non-blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the
nvd
CVE-2026-39421 | P3 | HIGH | CVSS 7.4 | CWE-94 | fixed in 2.8.0 | 2026-04-14
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution v
nvd
CVE-2024-56137 | P3 | HIGH | CVSS 7.2 | CWE-78 | fixed in 1.9.0 | 2025-01-02
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allows privileged users to execute OS command in cus
nvd
CVE-2026-42335 | P3 | MEDIUM | CVSS 6.3 | CWE-918 | fixed in 2.8.1 | 2026-05-26
MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/oss/get_url) endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse validation function and the requests HTTP client, al
nvd
CVE-2026-39418 | P3 | HIGH | CVSS 7.4 | CWE-918 | fixed in 2.8.0 | 2026-04-14
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows an authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the sandbox's banned hosts configuration. MaxKB's sandbo
nvd
CVE-2026-45412 | P3 | MEDIUM | CVSS 6.3 | CWE-918 | fixed in 2.9.1 | 2026-05-26
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, MaxKB is vulnerable to SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in 2.9.1.
nvd
CVE-2025-32383 | P3 | HIGH | CVSS 7.2 | CWE-94 | fixed in 1.10.4-lts | 2025-04-10
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allows privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts.
nvd
CVE-2025-10433 | P3 | MEDIUM | CVSS 6.3 | CWE-20 | v2.0, v2.0.0, +3 more | 2025-09-15
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to ve
nvd
CVE-2026-56779 | P3 | MEDIUM | CVSS 6.4 | CWE-918 | fixed in 2.10.0 | 2026-06-25
MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and download_url parameters. Attackers with default workspace USER role can exploit this to access internal network services by p
nvd
CVE-2026-42337 | P3 | MEDIUM | CVSS 5.3 | CWE-862 | fixed in 2.8.1 | 2026-05-26
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses application_id from the URL path without validating ownership, allowing attackers to perform operations under other applications’ policies.
nvd
CVE-2025-64703 | P3 | MEDIUM | CVSS 6.5 | CWE-200 | fixed in 2.3.1 | 2025-11-13
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive information through Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue.
nvd
CVE-2026-42336 | P3 | MEDIUM | CVSS 5.1 | CWE-367 | fixed in 2.8.1 | 2026-05-26
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access internal network services. This vulnerability is fixe
nvd