Product

maxkb

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-39426
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerab
5.4 MEDIUM
CVE-2026-39425
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerab
5.4 MEDIUM
CVE-2026-39419
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result
3.1 LOW
CVE-2026-39424
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Imprope
4.7 MEDIUM
CVE-2026-39423
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markd
5.4 MEDIUM
CVE-2026-39422
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerab
5.4 MEDIUM
CVE-2026-39421
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolEx
6.3 MEDIUM
CVE-2026-39420
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allow
6.3 MEDIUM
CVE-2026-39418
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by us
5.0 MEDIUM
CVE-2026-39417
< 2.8.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where
4.6 MEDIUM
CVE-2025-66446
< 2.4.0
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers
8.8 HIGH
CVE-2025-66419
< 2.4.0
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the
8.8 HIGH
CVE-2025-64703
< 2.3.1
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive information by Python c
6.3 MEDIUM
CVE-2025-64511
< 2.3.1
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such
7.4 HIGH
CVE-2025-53928
< 1.10.9
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerabil
4.6 MEDIUM
CVE-2025-53927
< 2.0.0
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxK
4.6 MEDIUM
CVE-2025-48950
< 1.10.8
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions
8.8 HIGH
CVE-2025-4546
<= 1.9.1
A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an
4.7 MEDIUM
CVE-2025-32383
< 1.10.4
MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieva
4.3 MEDIUM
CVE-2024-56137
< 1.9.0
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language m
6.8 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin