1panel-dev Maxkb
31 CVEs affecting 1panel-dev Maxkb. Latest disclosed: 2026-05-26. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66446 | High | 8.8 | 2025-12-11 | MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dy… |
CVE-2025-66419 | High | 8.8 | 2025-12-11 | MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and esca… |
CVE-2026-44847 | High | 7.5 | 2026-05-26 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible with… |
CVE-2025-64511 | High | 7.4 | 2025-11-13 | MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python c… |
CVE-2024-56137 | Medium | 6.8 | 2025-01-02 | MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented… |
CVE-2026-39421 | Medium | 6.3 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveragi… |
CVE-2026-39420 | Medium | 6.3 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with… |
CVE-2026-6108 | Medium | 6.3 | 2026-04-12 | A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/im… |
CVE-2025-64703 | Medium | 6.3 | 2025-11-13 | MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although… |
CVE-2025-10433 | Medium | 6.3 | 2025-09-15 | A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/… |
CVE-2026-39418 | Medium | 5.0 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the… |
CVE-2025-4546 | Medium | 4.7 | 2025-05-11 | A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the… |
CVE-2026-39417 | Medium | 4.6 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulne… |
CVE-2025-53928 | Medium | 4.6 | 2025-07-17 | MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. V… |
CVE-2025-53927 | Medium | 4.6 | 2025-07-17 | MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the executio… |
CVE-2025-32383 | Medium | 4.3 | 2025-04-10 | MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG)… |
CVE-2025-15632 | Low | 3.5 | 2026-04-13 | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.ts of the component MdPreview. Such man… |
CVE-2026-6107 | Low | 3.5 | 2026-04-12 | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py… |
CVE-2026-6106 | Low | 3.5 | 2026-04-11 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middlewar… |
CVE-2026-39419 | Low | 3.1 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool exe… |