Skip to main content

Linux CVE-2026-39418

| EUVDEUVD-2026-22176 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-14 GitHub_M
5.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.0 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

6
Patch released
Apr 20, 2026 - 17:36 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
2.8.0
Analysis Generated
Apr 14, 2026 - 01:21 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 01:15 euvd
EUVD-2026-22176
Analysis Generated
Apr 14, 2026 - 01:15 vuln.today
CVE Published
Apr 14, 2026 - 00:08 nvd
MEDIUM 5.0

DescriptionGitHub Advisory

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the sandbox's banned hosts configuration. MaxKB's sandbox uses LD_PRELOAD to hook the connect() function and block connections to banned IPs, but Linux's sendto() with the MSG_FASTOPEN flag can establish TCP connections directly through the kernel without ever calling connect(), completely bypassing the IP validation. Although sendto is listed in the syscall() wrapper, this is ineffective because glibc invokes the kernel syscall directly rather than routing through the hooked syscall() function. This issue has been fixed in version 2.8.0.

AnalysisAI

MaxKB versions 2.7.1 and below allow authenticated users with tool-editing permissions to bypass sandbox network protection via socket.sendto() with the MSG_FASTOPEN flag, enabling connections to internal services explicitly blocked by the sandbox's banned hosts configuration. The vulnerability exploits a gap in LD_PRELOAD hooking-sendto() with MSG_FASTOPEN establishes TCP connections directly through the kernel without invoking the hooked connect() function, completely circumventing IP validation. This is a server-side request forgery (SSRF) vector that requires prior authentication and tool-editing privileges. Vendor-released patch: version 2.8.0.

Technical ContextAI

MaxKB implements network sandbox protection using LD_PRELOAD, a dynamic linking technique that intercepts library calls at runtime by preloading a shared object that provides hooked versions of functions like connect(). The vulnerability leverages Linux's TCP_FASTOPEN mechanism, exposed via socket.sendto() with the MSG_FASTOPEN flag, which performs a TCP three-way handshake during the sendto() call itself rather than in a separate connect() call. Because glibc optimizes by invoking the kernel syscall directly rather than routing through the hooked syscall() wrapper, the LD_PRELOAD hook for connect() is never triggered. This allows the kernel to establish the TCP connection before any userspace validation can occur. The root cause is CWE-918 (Server-Side Request Forgery), compounded by incomplete syscall interception. Affected products include MaxKB (CPE: cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*) in versions up to and including 2.7.1.

RemediationAI

Upgrade MaxKB to version 2.8.0 or later. The patch addresses the vulnerability by improving syscall interception to prevent MSG_FASTOPEN from bypassing the connect() hook. For organizations unable to upgrade immediately, restrict tool-editing permissions to trusted users only, and implement network-level controls (firewalls, egress rules) to block unauthenticated outbound connections from the MaxKB process to sensitive internal services. Patch details and commit information are available at https://github.com/1Panel-dev/MaxKB/commit/4d06362750b15390437f1d2e4d14ec79baef8559 and https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0.

Share

CVE-2026-39418 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy