Vulnerability in 1panel-dev Maxkb

CVE-2026-39424

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat histor…

EPSS: 0.000 (8.3th percentile) — read the EPSS interpretation.

Affected products

1panel-dev Maxkb — versions < 2.8.0

Weakness classification (CWE)

CWE-1236 — Improper Neutralization of Formula Elements in a CSV File

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp (x_refsource_CONFIRM)
https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f (x_refsource_MISC)
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0 (x_refsource_MISC)