MaxKB CVE-2026-39417

EUVD-2026-22162 · MEDIUM
Improper Input Validation (CWE-20)
2026-04-14 · security-advisories@github.com
CVSS 3.1 score: 4.6 (GitHub Advisory)

Severity by source

GitHub Advisory (primary): 4.6 MEDIUM
Primary rating from GitHub Advisory · only source for this CVE.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline (6 events)

Apr 20, 2026 - 17:36 (nvd): Patch released. Patch available
Apr 16, 2026 - 05:29 (EUVD): Patch available. 2.8.0
Apr 14, 2026 - 00:25 (vuln.today): Analysis Generated
Apr 14, 2026 - 00:22 (euvd): EUVD ID Assigned. EUVD-2026-22162
Apr 14, 2026 - 00:22 (vuln.today): Analysis Generated
Apr 14, 2026 - 00:16 (nvd): CVE Published. MEDIUM 4.6

Description (GitHub Advisory)

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path (loading MCP config from the database). The else branch, responsible for loading mcp_servers directly from user-supplied JSON, remains completely unpatched. Since mcp_source is an optional field (required=False), an attacker can simply omit it or set it to any non-referencing value to bypass the fix. By calling the workflow creation API directly with a crafted JSON payload, an attacker can inject a complete MCP node configuration with stdio transport, arbitrary command, and args - achieving RCE when the workflow is triggered via chat. This issue has been fixed in version 2.8.0.
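
For auditing stored or incoming workflow definitions on instances still running 2.7.1 or below, the following added example (not MaxKB code and not from the advisory) walks arbitrary workflow JSON and reports every MCP configuration that sits on the unrestricted path: mcp_source missing or not "referencing", with an inline mcp_servers entry that would start a local process. The per-server keys transport, command and args, the literal value "referencing", and the node layout in the sample are assumptions based on the advisory's wording.

```python
import json

REFERENCING = "referencing"  # per the advisory, the only mcp_source path that was restricted

def _parse(value):
    """mcp_servers may be a JSON string or an already-parsed object."""
    if isinstance(value, str):
        try:
            return json.loads(value)
        except ValueError:
            return None
    return value

def find_inline_stdio_mcp(doc, path="$"):
    """Walk arbitrary JSON and report stdio MCP servers defined inline."""
    findings = []
    if isinstance(doc, dict):
        if "mcp_servers" in doc and doc.get("mcp_source") != REFERENCING:
            servers = _parse(doc["mcp_servers"])
            for name, cfg in (servers.items() if isinstance(servers, dict) else ()):
                # Assumed entry shape: transport/command/args keys.
                if isinstance(cfg, dict) and (cfg.get("transport") == "stdio" or "command" in cfg):
                    findings.append({"path": path, "server": name,
                                     "mcp_source": doc.get("mcp_source"),
                                     "command": cfg.get("command"),
                                     "args": cfg.get("args", [])})
        for key, value in doc.items():
            findings += find_inline_stdio_mcp(value, f"{path}.{key}")
    elif isinstance(doc, list):
        for i, value in enumerate(doc):
            findings += find_inline_stdio_mcp(value, f"{path}[{i}]")
    return findings

# Constructed sample; the node layout is hypothetical, not MaxKB's schema.
SAMPLE = {"nodes": [
    {"id": "n1", "node_data": {"mcp_source": "referencing", "mcp_servers": ""}},
    {"id": "n2", "node_data": {  # mcp_source omitted
        "mcp_servers": {"local": {"transport": "stdio",
                                  "command": "/usr/bin/example-tool", "args": ["--x"]}}}},
    {"id": "n3", "node_data": {"mcp_source": "custom",
        "mcp_servers": {"remote": {"transport": "sse", "url": "https://mcp.example.test/sse"}}}},
    {"id": "n4", "node_data": {"mcp_source": "custom",  # config sent as a JSON string
        "mcp_servers": json.dumps({"s": {"command": "/usr/bin/example-tool", "args": []}})}},
]}

if __name__ == "__main__":
    for finding in find_inline_stdio_mcp(SAMPLE):
        print(finding)
```

Any finding on a pre-2.8.0 instance is a workflow to review by hand; the walker keys on field names only, so it works on exported workflows and on request bodies captured at a proxy alike.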

Analysis (AI)

Remote code execution in MaxKB workflow engine (versions 2.7.1 and below) allows authenticated users to bypass an incomplete CVE-2025-53928 fix by injecting arbitrary MCP node configurations through the workflow creation API. An attacker with low-privilege credentials can omit the mcp_source field to trigger the unpatched else branch, inject stdio transport with arbitrary commands, and achieve RCE when the workflow is executed via chat interaction. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Recon: Authenticate with low-privilege account
  • Delivery: Craft workflow JSON with inline mcp_servers config
  • Exploit: Omit mcp_source field to bypass validation
  • Install: Submit workflow creation API request
  • C2: Save malicious workflow
  • Execute: Trigger workflow via chat interaction
  • Impact: Execute arbitrary command in MCP node
  • Step 8: Achieve remote code execution

Vulnerability Assessment (AI)

Risk Assessment: This vulnerability presents moderate real-world risk despite the low CVSS score (4.6). …

Exploit Scenario: A low-privilege user of MaxKB (or an attacker with compromised low-privilege credentials) crafts a workflow creation request to the API with a JSON payload containing an MCP node where mcp_source is omitted and mcp_servers includes a stdio-based command (e.g., invoking a reverse shell or data exfiltration script). The attacker saves this workflow and triggers it via the chat interface by asking a question that invokes the workflow. …

Remediation: Upgrade MaxKB immediately to version 2.8.0 or later, which includes the complete fix for this vulnerability (confirmed via GitHub commit 50e96002ee5dca34c68d3d9333b64ea358c92304). …