Skip to main content

MaxKB CVE-2026-42335

| EUVDEUVD-2026-31983 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-26 GitHub_M
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:34 vuln.today
CVSS changed
May 26, 2026 - 21:22 NVD
6.3 (MEDIUM)
CVE Published
May 26, 2026 - 20:09 nvd
UNKNOWN (no severity yet)

DescriptionGitHub Advisory

MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/oss/get_url) endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse validation function and the requests HTTP client, allowing attackers to access internal network services. This vulnerability is fixed in 2.8.1.

AnalysisAI

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal network services by exploiting an URL parsing inconsistency at the OSS file fetch endpoint. The discrepancy between Python's urlparse validation logic and the requests HTTP client means a crafted URL can pass security checks yet still route to internal infrastructure when executed by the server. No public exploit or KEV listing exists at time of analysis; the vendor has confirmed and patched the issue in 2.8.1.

Technical ContextAI

MaxKB is an open-source enterprise AI knowledge-base assistant maintained by 1Panel-dev (CPE: cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*). The vulnerable endpoint, chat/api/oss/get_url, is part of the Object Storage Service (OSS) file-service layer designed to fetch remote URLs on behalf of the application. The root cause (CWE-918) is an SSRF arising from differential URL parsing: the application validates input URLs with Python's urlparse, but the actual HTTP request is issued by the requests library. These two parsers handle edge cases - such as malformed schemes, embedded credentials, or unusual IP representations - differently, creating a gap an attacker can exploit to submit a URL that appears safe to the validator but resolves to an internal address when fetched. This class of parsing discrepancy is well-documented in SSRF research and commonly affects Python web stacks that separate validation from execution across library boundaries.

RemediationAI

Upgrade MaxKB to version 2.8.1, which contains the vendor-confirmed fix. The advisory is available at https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-r8hf-mwwr-hxgc. If immediate upgrade is not feasible, restrict access to the chat/api/oss/get_url endpoint at the reverse-proxy or WAF layer to trusted users or IP ranges only - note this may break legitimate OSS URL fetch workflows. Alternatively, apply network egress controls on the MaxKB host to prevent outbound connections to internal RFC-1918 address ranges, link-local addresses (169.254.x.x), and loopback; this limits SSRF blast radius without touching the application but adds operational overhead for managing egress rules. If cloud-hosted, prioritize blocking access to the instance metadata service endpoint as a compensating control.

More in Maxkb

View all
CVE-2025-48950 HIGH POC
8.8 Jun 03

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in

CVE-2026-56779 MEDIUM POC
5.3 Jun 25

Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role

CVE-2026-54149 HIGH
8.8 Jul 10

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated

CVE-2026-39423 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to

CVE-2026-39422 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr

CVE-2026-45413 MEDIUM
6.9 May 26

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all

CVE-2026-45412 MEDIUM
6.3 May 26

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructu

CVE-2026-6108 LOW POC
2.1 Apr 12

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary

CVE-2025-15632 LOW POC
2.0 Apr 13

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic

CVE-2026-6106 LOW POC
2.0 Apr 11

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic

CVE-2026-42337 MEDIUM
5.3 May 26

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to

CVE-2026-39425 MEDIUM
5.1 Apr 14

Stored Cross-Site Scripting in MaxKB 2.7.1 and below allows authenticated users to inject arbitrary JavaScript into the

Share

CVE-2026-42335 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy