CNNVD-202507-2301 Information
Jul 17, 2025
cve
CNNVD ID
CNNVD-202507-2301
Related CVE
- CNNVD Published: 2025-07-17
Description (Chinese)
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 2.0.0之前版本存在代码注入漏洞,该漏洞源于沙箱设计规则可被绕过,可能导致反向shell。
Description (English)
MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. The previous version of MaxKB 2.0 had a code-infusion loophole, which stemmed from the fact that sandbox design rules could be bypassed and could lead to reverse shell.
Hazard Level
High
Vulnerability Type
代码注入
Affected Vendor
1Panel-dev
Published
2025-07-17
Last Modified
2026-02-24
References
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xhm-4j3v-87m4
Patch
https://github.com/1Panel-dev/MaxKB/releases
Share on: