MaxKB — Vulnerabilities & Security Advisories (25)

All 25 CVE vulnerabilities found in MaxKB, with AI-generated Chinese analysis, references, and POCs.

Vendor: 1Panel-dev

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering | CWE-80 | 5.4 | - | 2026-04-14 |
| CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | CWE-74 | 3.1 | Low | 2026-04-14 |
| CVE-2026-39424 | MaxKB has CSV Injection in its Application Chat Export Functionality | CWE-1236 | 7.8 | - | 2026-04-14 |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect | CWE-693 | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass | CWE-693 | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39418 | MaxKB: SSRF via sandbox network hook bypass | CWE-918 | 5.0 | Medium | 2026-04-14 |
| CVE-2026-39417 | MaxKB: RCE via MCP stdio command injection in workflow engine | CWE-78 | 4.6 | Medium | 2026-04-14 |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting | CWE-79 | 3.5 | Low | 2026-04-13 |
| CVE-2026-6108 | 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection | CWE-78 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6107 | 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting | CWE-79 | 3.5 | Low | 2026-04-12 |
| CVE-2026-6106 | 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting | CWE-79 | 3.5 | Low | 2026-04-11 |
| CVE-2025-66446 | MaxKB has a Python sandbox LD_PRELOAD bypass | CWE-362 | 8.8 | High | 2025-12-11 |
| CVE-2025-66419 | MaxKB vulnerable to privilege escalation through sandbox bypass | CWE-362 | 8.8 | High | 2025-12-11 |
| CVE-2025-64703 | MaxKB has Information Leak in sandbox | CWE-200 | 6.3 | Medium | 2025-11-13 |
| CVE-2025-64511 | MaxKB has SSRF in sandbox | CWE-918 | 7.4 | High | 2025-11-13 |
| CVE-2025-10433 | 1Panel-dev MaxKB debug deserialization | CWE-502 | 6.3 | Medium | 2025-09-15 |
| CVE-2025-53928 | MaxKB has RCE in MCP call | CWE-94 | 4.6 | Medium | 2025-07-17 |
| CVE-2025-53927 | MaxKB sandbox bypass | CWE-94 | 4.6 | Medium | 2025-07-17 |
| CVE-2025-48950 | MaxKB Python Sandbox Bypass in Function Library | CWE-276 | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-4546 | 1Panel-dev MaxKB Knowledge Base Module csv injection | CWE-1236 | 4.7 | Medium | 2025-05-11 |
| CVE-2025-32383 | MaxKB has a reverse shell vulnerability in function library | CWE-94 | 4.3 | Medium | 2025-04-10 |
| CVE-2024-56137 | MaxKB RCE vulnerability in function library | CWE-78 | 6.8 | Medium | 2025-01-02 |