Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged result directly to file descriptor 1 (bypassing stdout redirection). By calling sys.exit(0), the attacker terminates the wrapper before it prints the legitimate output, causing the MaxKB service to parse and trust the spoofed response as the genuine tool result. This issue has been fixed in version 2.8.0.
Published: 2026-04-14
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: Trusted Result Spoofing
Action: Immediate Patch
AI Analysis

Impact

MaxKB, an open‑source enterprise AI assistant, allows an authenticated user to bypass the sandbox’s result validation. The attacker exploits Python frame introspection to read the wrapper’s UUID from bytecode constants and then writes a forged result directly to file descriptor 1, bypassing stdout redirection. By invoking sys.exit(0) the wrapper is terminated before producing legitimate output, and the service parses and trusts the spoofed response as a real tool result, effectively granting the user the ability to inject arbitrary output into the assistant’s responses.

Affected Systems

This flaw affects the MaxKB application developed by 1Panel‑dev. Versions 2.7.1 and earlier are vulnerable; the issue was resolved in the 2.8.0 release.

Risk and Exploitability

The CVSS v3.1 score of 3.1 indicates a low severity vulnerability, and the EPSS score is not available. MaxKB is not listed in CISA’s KEV catalog, suggesting no known exploits in the wild. Exploitation requires authenticated access and knowledge of the internal Python wrapper, making the attack surface relatively narrow and likely limited to privileged users. Nevertheless, because forged results are treated as legitimate, an attacker can expose sensitive data or influence downstream processes.

Generated by OpenCVE AI on April 14, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MaxKB to version 2.8.0 or later to apply the vendor fix.
  • If an immediate upgrade is not feasible, remove or downgrade privileged user access to prevent exploitation of the sandbox bypass.
  • Consider monitoring process output and file descriptor writes for anomalies, and verify that tool results are validated against expected formats before use.


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Maxkb; Maxkb maxkb
CPEs | | cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*
Vendors & Products | | Maxkb; Maxkb maxkb

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | 1panel; 1panel maxkb
Vendors & Products | | 1panel; 1panel maxkb

Tue, 14 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged result directly to file descriptor 1 (bypassing stdout redirection). By calling sys.exit(0), the attacker terminates the wrapper before it prints the legitimate output, causing the MaxKB service to parse and trust the spoofed response as the genuine tool result. This issue has been fixed in version 2.8.0.
Title | | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing
Weaknesses | | CWE-290, CWE-693, CWE-74
References | |
Metrics | | cvssV3_1: {'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-14T13:28:04.792Z

Reserved: 2026-04-07T00:23:30.595Z

Link: CVE-2026-39419

Vulnrichment

Updated: 2026-04-14T13:27:59.458Z

NVD

Status: Analyzed

Published: 2026-04-14T02:16:05.143

Modified: 2026-04-20T17:32:17.920

Link: CVE-2026-39419

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:08Z

Weaknesses