Skip to main content

Maxkb CVE-2026-6108

| EUVDEUVD-2026-21690 LOW
OS Command Injection (CWE-78)
2026-04-12 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
CVSS changed
Apr 12, 2026 - 01:22 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
Analysis Generated
Apr 12, 2026 - 01:17 vuln.today
EUVD ID Assigned
Apr 12, 2026 - 01:15 euvd
EUVD-2026-21690
Analysis Generated
Apr 12, 2026 - 01:15 vuln.today
CVE Published
Apr 12, 2026 - 01:00 nvd
LOW 2.1

DescriptionCVE.org

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. You should upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

AnalysisAI

OS command injection in 1Panel-dev MaxKB up to version 2.6.1 allows authenticated remote attackers to execute arbitrary operating system commands through manipulation of the Model Context Protocol Node's execute function in base_mcp_node.py, with publicly available exploit code and vendor-released patches available for remediation.

Technical ContextAI

The vulnerability exists in the Model Context Protocol (MCP) Node implementation within MaxKB's application flow processing layer. The execute() function in apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py fails to properly sanitize user-supplied input before passing it to OS command execution functions, resulting in classic OS command injection (CWE-78). The MCP Node is a component that handles model context protocol interactions, likely used for LLM integration and workflow automation. The affected product MaxKB (versions up to 2.6.1) is identified via CPE cpe:2.3:a:1panel-dev:maxkb:*:*:*:*:*:*:*:* as running on the 1Panel platform framework.

RemediationAI

Upgrade MaxKB to a version released after 2.6.1; the vendor has released patched versions in response to this disclosure. Consult the official 1Panel-dev MaxKB repository and release notes for the specific patched version (typically 2.6.2 or later). Until patching is possible, restrict network access to the MaxKB application and implement authentication controls to limit access to the Model Context Protocol Node feature to trusted users only. The vendor was contacted early in the disclosure process and responded professionally with a rapid fix, so patch availability should not be a blocking factor. Verify the patch through the official 1Panel-dev GitHub repository or vendor advisory channels.

More in Maxkb

View all
CVE-2025-48950 HIGH POC
8.8 Jun 03

MaxKB prior to version 1.10.8-lts contains an incomplete sandbox implementation that only blacklists binary execution in

CVE-2026-56779 MEDIUM POC
5.3 Jun 25

Server-side request forgery in MaxKB before 2.10.0 allows any authenticated user holding the default workspace USER role

CVE-2026-54149 HIGH
8.8 Jul 10

OS command injection in MaxKB (1Panel-dev's open-source enterprise AI assistant) before 2.10.0-lts lets an authenticated

CVE-2026-39423 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) via Eval Injection in MaxKB's Markdown rendering engine allows authenticated users to

CVE-2026-39422 MEDIUM
6.9 Apr 14

Stored Cross-Site Scripting (XSS) in MaxKB 2.7.1 and below allows authenticated users to inject malicious JavaScript thr

CVE-2026-45413 MEDIUM
6.9 May 26

MaxKB, an open-source enterprise AI assistant by 1Panel-dev, stores user passwords as unsalted MD5 hashes, exposing all

CVE-2026-42335 MEDIUM
6.3 May 26

Server-side request forgery in MaxKB v2.8.0 and earlier allows authenticated low-privilege users to reach internal netwo

CVE-2026-45412 MEDIUM
6.3 May 26

Server-Side Request Forgery in MaxKB before 2.9.1 allows authenticated users to pivot into internal network infrastructu

CVE-2025-15632 LOW POC
2.0 Apr 13

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.4.2 allows authenticated remote attackers to inject malic

CVE-2026-6106 LOW POC
2.0 Apr 11

Cross-site scripting (XSS) in 1Panel-dev MaxKB up to version 2.2.1 allows authenticated remote attackers to inject malic

CVE-2026-42337 MEDIUM
5.3 May 26

Broken access control in MaxKB 2.8.0 and earlier exposes the OSS file service URL fetch API (`chat/api/oss/get_url`) to

CVE-2026-39425 MEDIUM
5.1 Apr 14

Stored Cross-Site Scripting in MaxKB 2.7.1 and below allows authenticated users to inject arbitrary JavaScript into the

Share

CVE-2026-6108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy