CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53928 – MaxKB has RCE in MCP call
https://notcve.org/view.php?id=CVE-2025-53928
17 Jul 2025 — MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53927 – MaxKB sandbox bypass
https://notcve.org/view.php?id=CVE-2025-53927
17 Jul 2025 — MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2` method in Python to copy the command they want to execute to the executable directory. This bypasses directory restrictions and reverse shell. Version 2.0.0 fixes the issue. • https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48950 – MaxKB Python Sandbox Bypass in Function Library
https://notcve.org/view.php?id=CVE-2025-48950
03 Jun 2025 — MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue. • https://github.com/1Panel-dev/MaxKB/commit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005 • CWE-276: Incorrect Default Permissions •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 1CVE-2025-4546 – 1Panel-dev MaxKB Knowledge Base Module csv injection
https://notcve.org/view.php?id=CVE-2025-4546
11 May 2025 — A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. • https://github.com/yaowenxiao721/Poc/blob/main/MaxKB/MaxKB-poc1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32383 – MaxKB has a reverse shell vulnerability in function library
https://notcve.org/view.php?id=CVE-2025-32383
10 Apr 2025 — MaxKB (Max Knowledge Base) is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged users to create a reverse shell. This vulnerability is fixed in v1.10.4-lts. • https://github.com/1Panel-dev/MaxKB/commit/4ae02c8d3eb65542c88ef58c0abd94c52c949d8f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56137 – MaxKB RCE vulnerability in function library
https://notcve.org/view.php?id=CVE-2024-56137
02 Jan 2025 — MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0. • https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •