What is CVE-2026-39419?

CVE-2026-39419 is a low-severity vulnerability in 1panel-dev Maxkb, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 3.1/10. Published 2026-04-14.

How severe is CVE-2026-39419?

Low severity. CVSS v3 base score is 3.1 out of 10.

Vulnerability in 1panel-dev Maxkb

CVE-2026-39419

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UU…

EPSS: 0.001 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.1 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

1panel-dev Maxkb — versions < 2.8.0

Weakness classification (CWE)

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f3c8-p474-xwfv (x_refsource_CONFIRM)
https://github.com/1Panel-dev/MaxKB/commit/38c4cfecd065293ede0437f6fa76cf0116591d25 (x_refsource_MISC)
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-39419?: CVE-2026-39419 is a low-severity vulnerability in 1panel-dev Maxkb, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 3.1/10. Published 2026-04-14.
How severe is CVE-2026-39419?: Low severity. CVSS v3 base score is 3.1 out of 10.