Skip to main content

MaxKB CVE-2026-42337

| EUVDEUVD-2026-31988 MEDIUM
Missing Authorization (CWE-862)
2026-05-26 GitHub_M
5.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
May 26, 2026 - 22:02 EUVD
Analysis Generated
May 26, 2026 - 21:35 vuln.today
CVSS changed
May 26, 2026 - 21:22 NVD
5.3 (MEDIUM)
CVE Published
May 26, 2026 - 20:19 nvd
UNKNOWN (no severity yet)

DescriptionGitHub Advisory

MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses application_id from the URL path without validating ownership, allowing attackers to perform operations under other applications’ policies. This vulnerability is fixed in 2.8.1.

AnalysisAI

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (chat/api/oss/get_url) to cross-application data access by authenticated low-privilege users who supply arbitrary application_id values in the URL path. Because the endpoint performs no ownership validation against the requesting session, any authenticated user can retrieve OSS file URLs scoped to applications they do not own, violating multi-tenant isolation. No public exploit code exists and the issue is not listed in CISA KEV; a vendor-released patch is available in version 2.8.1.

Technical ContextAI

MaxKB is an open-source enterprise AI knowledge-base assistant maintained by 1Panel-dev (CPE: cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*). The vulnerable component is the OSS (Object Storage Service) file service endpoint at chat/api/oss/get_url, which accepts an application_id path parameter to scope which application's stored files are referenced. CWE-862 (Missing Authorization) describes the root cause: the server processes the application_id and returns the associated file URL without first verifying that the authenticated caller has entitlement to that application. This is structurally an Insecure Direct Object Reference (IDOR) pattern - user-controlled input directly selects a server-side resource, and the authorization gate that should enforce ownership is absent.

RemediationAI

The primary and recommended remediation is upgrading to MaxKB 2.8.1, which is the vendor-released patch that introduces ownership validation for the application_id parameter on the chat/api/oss/get_url endpoint. Full upgrade guidance is available in the vendor advisory at https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-2jmj-gwvg-3gp2. If an immediate upgrade is not operationally feasible, restrict network-layer access to the chat/api/oss/get_url path at the reverse proxy or API gateway to only authenticated users belonging to specific, known application contexts - note this may partially disrupt legitimate chat-initiated file retrieval workflows and does not eliminate the flaw. Additionally, audit API access logs for chat/api/oss/get_url requests where the application_id in the path does not correspond to the authenticated user's registered applications, as a detection measure to identify prior or ongoing exploitation attempts.

More in Maxkb

View all
CVE-2025-48950 HIGH POC
8.8 Jun 03

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in

CVE-2026-56779 MEDIUM POC
5.3 Jun 25

Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role

CVE-2026-54149 HIGH
8.8 Jul 10

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated

CVE-2026-39423 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to

CVE-2026-39422 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr

CVE-2026-45413 MEDIUM
6.9 May 26

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all

CVE-2026-42335 MEDIUM
6.3 May 26

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal netwo

CVE-2026-45412 MEDIUM
6.3 May 26

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructu

CVE-2026-6108 LOW POC
2.1 Apr 12

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary

CVE-2025-15632 LOW POC
2.0 Apr 13

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic

CVE-2026-6106 LOW POC
2.0 Apr 11

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic

CVE-2026-39425 MEDIUM
5.1 Apr 14

Stored Cross-Site Scripting in MaxKB 2.7.1 and below allows authenticated users to inject arbitrary JavaScript into the

Share

CVE-2026-42337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy