Skip to main content

MaxKB CVE-2026-45412

| EUVDEUVD-2026-31985 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-26 GitHub_M
6.3
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 26, 2026 - 23:05 vuln.today
Patch available
May 26, 2026 - 22:02 EUVD
CVSS changed
May 26, 2026 - 21:22 NVD
6.3 (MEDIUM)
CVE Published
May 26, 2026 - 20:14 nvd
UNKNOWN (no severity yet)

DescriptionGitHub Advisory

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in 2.9.1.

AnalysisAI

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructure by supplying arbitrary URLs to the work_flow_template import endpoint. The server fetches attacker-controlled URLs without validation or internal IP filtering, enabling reconnaissance of internal services, cloud metadata endpoints, or other resources unreachable from the public internet. The CVSS 4.0 score of 6.3 is driven primarily by high subsequent-system confidentiality impact (SC:H), reflecting the lateral reach into backend infrastructure that SSRF typically enables. No public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

MaxKB is an open-source, enterprise-focused AI assistant developed by 1Panel-dev (CPE: cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*). The vulnerability resides in the workflow template import feature, specifically in the handling of a 'downloadUrl' parameter. When a user initiates a template import, the application performs a server-side HTTP fetch of the supplied URL. CWE-918 (Server-Side Request Forgery) describes this root cause class: the server acts as an unintended proxy because it does not validate the destination URL against an allowlist or block reserved/internal IP ranges (RFC 1918, loopback, link-local). This allows the attacker to weaponize the server's network position - effectively making outbound requests that the attacker cannot make directly - targeting cloud instance metadata services (e.g., 169.254.169.254), internal APIs, or adjacent microservices. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N) captures this asymmetry: low direct impact on the vulnerable component itself (VC:L), but high confidentiality impact on subsequent/reachable systems (SC:H).

RemediationAI

The primary remediation is to upgrade MaxKB to version 2.9.1 or later, which introduces URL validation and internal IP filtering for the work_flow_template downloadUrl parameter. The vendor advisory at https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-x9g5-j56j-4mfj should be consulted for release details. For deployments where immediate upgrading is not feasible, consider the following specific compensating controls: restrict access to the workflow template import functionality via role-based access control to only highly trusted users, reducing exposure if the feature cannot be disabled outright; deploy an egress proxy or firewall rule that blocks the MaxKB application server from making outbound HTTP/S requests to RFC 1918 addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback (127.0.0.0/8), and link-local (169.254.0.0/16) ranges - this directly neutralizes the primary impact path while potentially breaking legitimate external template fetches; and on cloud-hosted instances, enforce IMDSv2 (AWS) or equivalent metadata service protections to prevent credential theft via metadata endpoint SSRF. Note that egress filtering may break legitimate use of the import feature if it normally fetches templates from external sources.

More in Maxkb

View all
CVE-2025-48950 HIGH POC
8.8 Jun 03

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in

CVE-2026-56779 MEDIUM POC
5.3 Jun 25

Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role

CVE-2026-54149 HIGH
8.8 Jul 10

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated

CVE-2026-39423 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to

CVE-2026-39422 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr

CVE-2026-45413 MEDIUM
6.9 May 26

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all

CVE-2026-42335 MEDIUM
6.3 May 26

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal netwo

CVE-2026-6108 LOW POC
2.1 Apr 12

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary

CVE-2025-15632 LOW POC
2.0 Apr 13

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic

CVE-2026-6106 LOW POC
2.0 Apr 11

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic

CVE-2026-42337 MEDIUM
5.3 May 26

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to

CVE-2026-39425 MEDIUM
5.1 Apr 14

Stored Cross-Site Scripting in MaxKB 2.7.1 and below allows authenticated users to inject arbitrary JavaScript into the

Share

CVE-2026-45412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy