Vulnerability in 1panel-dev Maxkb
CVE-2026-45413
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fi…
EPSS: 0.000 (0.8th percentile) — read the EPSS interpretation.
Affected products
- 1panel-dev Maxkb — versions < 2.9.1
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)