Skip to main content

MaxKB CVE-2026-42336

| EUVDEUVD-2026-31989 MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-05-26 GitHub_M
5.1
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:35 vuln.today
CVSS changed
May 26, 2026 - 21:22 NVD
5.1 (MEDIUM)
CVE Published
May 26, 2026 - 20:22 nvd
UNKNOWN (no severity yet)

DescriptionGitHub Advisory

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access internal network services. This vulnerability is fixed in 2.8.1.

AnalysisAI

Authenticated SSRF bypass in MaxKB's OSS file service URL fetch allows low-privilege users to reach internal network services by exploiting inconsistent DNS resolution between validation and request execution. MaxKB 2.8.0 and all prior versions are affected; the attacker causes the validation step to resolve a domain to a public IP, then swaps the DNS record so the actual HTTP fetch resolves to an internal address, bypassing the SSRF filter entirely. No public exploit has been identified and this CVE is not listed in CISA KEV; a vendor-released patch (2.8.1) is available.

Technical ContextAI

MaxKB (CPE: cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*) is an open-source enterprise AI assistant developed by 1Panel-dev that supports fetching remote URLs as part of its OSS (Object Storage Service) file processing pipeline. The root cause is CWE-367 (Time-of-Check Time-of-Use / TOCTOU Race Condition): the application resolves the attacker-supplied domain hostname once during SSRF validation and a second time during the actual HTTP request, with no guarantee both resolutions return the same IP. An attacker exploits this window by controlling a DNS record with a very short TTL - pointing it to a legitimate public IP during validation to pass the filter, then immediately updating the record to an RFC 1918 or loopback address. When MaxKB performs the real fetch, it re-resolves the hostname and now reaches the internal target. This technique, known as DNS rebinding, is a well-understood class of SSRF bypass enabled specifically by TOCTOU handling in URL validators.

RemediationAI

Vendor-released patch: 2.8.1. Upgrade MaxKB to version 2.8.1 or later as the primary remediation; this version is confirmed by the vendor advisory at https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-6m4p-9wwc-4q5q. If immediate upgrade is not feasible, restrict access to the OSS URL fetch feature to the most trusted accounts only, reducing the pool of potential abusers - note this may break legitimate use cases for lower-privilege users. As a network-layer control, configure egress firewall rules on the MaxKB host to block outbound connections to RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and 169.254.0.0/16 (cloud metadata ranges); this prevents the actual internal fetch even if DNS rebinding succeeds, though it will also block intentional internal integrations. Deploying a DNS resolver with rebinding protection (which rejects DNS responses for public domains that resolve to private IPs) addresses the root cause at the network level but requires infrastructure changes and may affect split-horizon DNS configurations. None of the workarounds fully eliminate the TOCTOU race - patching to 2.8.1 is the only complete fix.

More in Maxkb

View all
CVE-2025-48950 HIGH POC
8.8 Jun 03

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in

CVE-2026-56779 MEDIUM POC
5.3 Jun 25

Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role

CVE-2026-54149 HIGH
8.8 Jul 10

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated

CVE-2026-39423 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to

CVE-2026-39422 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr

CVE-2026-45413 MEDIUM
6.9 May 26

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all

CVE-2026-42335 MEDIUM
6.3 May 26

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal netwo

CVE-2026-45412 MEDIUM
6.3 May 26

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructu

CVE-2026-6108 LOW POC
2.1 Apr 12

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary

CVE-2025-15632 LOW POC
2.0 Apr 13

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic

CVE-2026-6106 LOW POC
2.0 Apr 11

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic

CVE-2026-42337 MEDIUM
5.3 May 26

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to

Share

CVE-2026-42336 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy