EUVD-2026-22180
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionNVD
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution via direct kernel system calls, enabling full network exfiltration and container compromise. The library intercepts critical standard system functions such as execve, system, connect, and open. It also intercepts mprotect to prevent PROT_EXEC (executable memory) allocations within the sandboxed Python processes, but pkey_mprotect is not blocked. This issue has been fixed in version 2.8.0.
AnalysisAI
MaxKB versions 2.7.1 and below allow authenticated attackers with workspace privileges to execute arbitrary code by exploiting a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to invoke raw system calls and bypassing the LD_PRELOAD-based sandbox.so module through the unblocked pkey_mprotect syscall, attackers can achieve remote code execution, enabling network exfiltration and container compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Share
External POC / Exploit Code
Leaving vuln.today