CNNVD-202509-2264 Information
CNNVD ID
CNNVD-202509-2264
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 2.0.2版本及之前版本和2.1.0版本存在代码问题漏洞,该漏洞源于对文件/admin/api/workspace/default/tool/debug中参数code的错误操作,可能导致反序列化攻击。
Description (English)
MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. MaxKB version 2.0.2 and previous versions and version 2.1.0 had a code problem loophole, which stemmed from an error in the code for the parameter code in the document/admin/api/workspace/default/tool/debug, which could lead to a back-serialization attack.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
1Panel-dev
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.1.1 https://vuldb.com/?ctiid.323867 https://vuldb.com/?id.323867 https://vuldb.com/?submit.647589 https://zealous-brand-b4a.notion.site/MaxKB-2-1-0-tool-debug-RCE-2647244a828c80e7850dc6503061b88b
Patch
https://github.com/1Panel-dev/MaxKB/releases
Share on: