CNNVD-202512-2037 Information

CNNVD ID

CNNVD-202512-2037

Related CVE

CVE-2025-66446

• CNNVD Published: 2025-12-11

Description (Chinese)

MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 2.3.1及之前版本存在竞争条件问题漏洞，该漏洞源于文件权限设置不当，可能导致覆盖内置动态链接器和其他关键文件，进而导致权限提升。

Description (English)

MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. MaxKB 2.3.1 and previous versions had a gap in the conditions of competition, which stemmed from the inappropriate set-up of document privileges, which could lead to the coverage of built-in dynamic links and other key documents, leading to enhanced privileges.

Hazard Level

Medium

Vulnerability Type

竞争条件问题

Affected Vendor

1Panel-dev

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xx2-3q9w-jpgf

Patch

https://github.com/1Panel-dev/MaxKB/releases