CNNVD-202511-1597 Information

CNNVD ID

CNNVD-202511-1597

CVE-2025-64703

  • CNNVD Published: 2025-11-13

Description (Chinese)

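MaxKB is an open-source knowledge base question-answering system from 1Panel-dev, based on large language models and RAG. Versions of MaxKB before 2.3.1 contain an information disclosure vulnerability: users can obtain sensitive information through Python code in the tool module, which may lead to a sandbox bypass.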

Description (English)

MaxKB is an open-source knowledge base question-and-answer system from 1Panel-dev, built on large language models and RAG. Versions of MaxKB prior to 2.3.1 have an information disclosure vulnerability, which stems from the fact that users can access sensitive information through Python code in the tool module, and which could lead to a sandbox bypass.

Hazard Level

High

Vulnerability Type

Information disclosure

Affected Vendor

1Panel-dev

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-qwvm-x4xh-g2qq

Patch

https://github.com/1Panel-dev/MaxKB/releases
