CNNVD-202511-1598 Information
Nov 13, 2025
cve
CNNVD ID
CNNVD-202511-1598
Related CVE
- CNNVD Published: 2025-11-13
Description (Chinese)
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 2.3.1之前版本存在代码问题漏洞,该漏洞源于用户可通过工具模块中的Python代码访问内部网络服务,可能导致沙箱绕过。
Description (English)
MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. The previous version of MaxKB 2.3.1 had a code problem loophole, which stemmed from users ’ access to internal network services through the Python code in the tool module, which could lead to sandbox bypasses.
Hazard Level
Medium
Vulnerability Type
代码问题
Affected Vendor
1Panel-dev
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9287-g7px-9rp4
Patch
https://github.com/1Panel-dev/MaxKB/releases
Share on: