CNNVD-202512-2038 Information
CNNVD ID
CNNVD-202512-2038
Related CVE
- CNNVD Published: 2025-12-11
Description (Chinese)
MaxKB是1Panel-dev开源的一款基于大语言模型和 RAG 的开源知识库问答系统。 MaxKB 2.3.1及之前版本存在竞争条件问题漏洞,该漏洞源于工具模块允许攻击者在特定并发条件下逃逸沙箱环境,可能导致权限提升。
Description (English)
MaxKB is a large-language model and RAG-based open-source knowledge database question and answer system for 1 Panel-dev open source. MaxKB 2.3.1 and previous versions have a gap in the conditions of competition, which stems from the tool module that allows the aggressor to escape from the sandbox environment under certain co-opting conditions, which may lead to increased access.
Hazard Level
Medium
Vulnerability Type
竞争条件问题
Affected Vendor
1Panel-dev
Published
2025-12-11
Last Modified
2026-02-24
References
https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7 https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c
Patch
https://github.com/1Panel-dev/MaxKB/releases
Share on: