Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1.
AnalysisAI
MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all user credentials to trivial offline cracking upon any database compromise. All versions prior to 2.9.1 are affected (CPE: cpe:2.3:a:1panel-dev:maxkb). The CVSS 4.0 vector (AV:L/VC:H) confirms that while local or database-level access is a prerequisite, once hashes are obtained, full credential recovery is practically guaranteed using rainbow tables or GPU-accelerated tools such as hashcat - no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Technical ContextAI
CWE-328 (Use of Weak Hash) identifies the root cause: MD5 was designed as a general-purpose integrity checksum, not a password storage primitive. It is cryptographically broken for this use case for two compounding reasons - it is computationally fast (enabling billions of guesses per second on consumer GPUs) and the absence of a per-user salt means identical plaintext passwords produce identical digests, enabling precomputed rainbow table attacks that require no brute-force effort at all. The affected product is the full MaxKB application stack (cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:*), indicating all prior release lines are vulnerable. Secure alternatives such as bcrypt, scrypt, or Argon2id are intentionally slow and incorporate salting by design, which MaxKB 2.9.1 presumably adopts.
RemediationAI
Upgrade MaxKB to version 2.9.1, which is confirmed as the vendor-released fix per the GitHub Security Advisory GHSA-2m4c-mcq5-q8xq (https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-2m4c-mcq5-q8xq). After upgrading, administrators should force a password reset for all users, as existing hashes stored prior to the fix may have already been extracted and cracked if a prior database exposure occurred - the upgrade alone does not retroactively invalidate compromised credentials. If immediate upgrade is not possible, restrict database access to the application service account only, disable external database port exposure, and audit database backup storage permissions to limit the attack surface for hash extraction. Be aware that restricting database access does not eliminate the vulnerability - it only raises the bar for hash acquisition.
MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in
Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role
OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated
Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to
Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr
Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal netwo
Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructu
OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary
Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic
Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic
Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to
Stored Cross-Site Scripting in MaxKB 2.7.1 and below allows authenticated users to inject arbitrary JavaScript into the
Same weakness CWE-328 – Use of Weak Hash
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31984