CNNVD-202507-2306 Information

CNNVD ID

CNNVD-202507-2306

Related CVE

CVE-2025-53928

• CNNVD Published: 2025-07-17

Description (Chinese)

MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 1.10.9-lts和2.0.0之前版本存在代码注入漏洞，该漏洞源于MCP调用存在远程命令执行漏洞。

Description (English)

MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. MaxKB 1.10.9-lts and previous versions 2.0 had a code-injection loophole, which stemmed from the MCP call for a remote command enforcement gap.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

1Panel-dev

Published

2025-07-17

Last Modified

2026-02-24

References

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.0.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-38q2-4mm7-qf5h

Patch

https://github.com/1Panel-dev/MaxKB/releases