EUVD-2026-22162
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionNVD
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path (loading MCP config from the database). The else branch, responsible for loading mcp_servers directly from user-supplied JSON remains completely unpatched. Since mcp_source is an optional field (required=False), an attacker can simply omit it or set it to any non-referencing value to bypass the fix. By calling the workflow creation API directly with a crafted JSON payload, an attacker can inject a complete MCP node configuration with stdio transport, arbitrary command, and args - achieving RCE when the workflow is triggered via chat. This issue has been fixed in version 2.8.0.
AnalysisAI
Remote code execution in MaxKB workflow engine (versions 2.7.1 and below) allows authenticated users to bypass an incomplete CVE-2025-53928 fix by injecting arbitrary MCP node configurations through the workflow creation API. An attacker with low-privilege credentials can omit the mcp_source field to trigger the unpatched else branch, inject stdio transport with arbitrary commands, and achieve RCE when the workflow is executed via chat interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today