Description
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0.
Published: 2026-04-14
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via CSV injection in exported chat files
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an improper neutralization of formula elements (CWE-1236): chat content is copied into the exported spreadsheet without neutralizing values that begin with a formula character (=, +, -, @, or a leading tab or carriage return). An attacker who can get such a string into the chat history, for example by sending it as a chat message, controls a cell that a spreadsheet application evaluates as a formula when an administrator opens the export. Through Dynamic Data Exchange that formula can launch an external program, so the outcome is code execution on the administrator's workstation, putting the confidentiality, integrity and availability of that system at stake. Whether the cell is actually evaluated depends on the spreadsheet application and its settings: Excel warns the user before launching an external application through DDE, and DDE server launch can be switched off under Trust Center > External Content.

Affected Systems

The affected product is 1Panel‑dev’s MaxKB, an open‑source AI assistant used by enterprises. Versions 2.7.1 and earlier are vulnerable; the issue was resolved in the 2.8.0 release. The export operation is performed via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint.

Risk and Exploitability

The CVSS 4.0 base score of 5.3 (Medium) reflects that the attacker needs only low privileges (a chat user) and that the victim's part is the ordinary act of exporting and opening the file. EPSS is below 1% and the CVE is not in the CISA KEV catalogue, so there is no evidence of exploitation in the wild. The realistic chain is: an external or compromised user plants a message that starts with a formula character, an administrator exports the chat history, and then opens the .xlsx on a workstation whose spreadsheet application evaluates the cell and allows DDE to launch a program. Each link is plausible in normal operation, so the practical risk is moderate, and higher in organizations where chat exports are routine and DDE has not been disabled on administrator workstations.

Generated by OpenCVE AI on April 14, 2026 at 02:20 UTC.

Remediation

Fixed in MaxKB 2.8.0 (see Description). The vendor lists no workaround for earlier versions, so upgrading is the remediation.

OpenCVE Recommended Actions

  • Upgrade MaxKB to version 2.8.0 or later, the release that contains the fix for the chat export sink.
  • Restrict the chat export endpoint to administrators who need it, and treat exports produced by a pre-2.8.0 instance as untrusted input.
  • On workstations that open exports, keep Excel's Dynamic Data Exchange Server Launch disabled (Trust Center > External Content) and do not click through the DDE warnings; macro settings do not cover DDE.
  • Where exports are produced by other code paths, neutralize cell values on output by prefixing a single quote to any value that starts with =, +, -, @, tab or carriage return; stripping those characters alters the data and is easy to get wrong.
  • Monitor chat content and export requests for messages beginning with formula characters, in particular the =cmd| and HYPERLINK shapes used by CSV-injection payloads.
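
The neutralization and detection logic the recommended actions call for, shown here as an added example in Python (MaxKB's language), not code from the MaxKB code base: the function names, the CSV rendering, and the sample chat history are all constructed for illustration, and MaxKB's actual .xlsx export sink is not reproduced because the page does not show it. The neutralizer follows the OWASP CSV-injection guidance (apostrophe prefix for cells that begin with a formula character) and leaves numeric literals such as "-3.5" alone.

```python
import csv
import io
from typing import Any, Iterable, List, Tuple

# Characters a spreadsheet treats as the start of a formula (OWASP CSV-injection
# list). A leading tab or carriage return can also cause the cell to be parsed
# as a formula once the surrounding delimiters are consumed.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def _is_plain_number(value: str) -> bool:
    """'-3.5' or '+7' is a numeric literal, not a formula; leave those alone."""
    try:
        float(value)
        return True
    except ValueError:
        return False


def looks_like_formula(value: str) -> bool:
    """True if a spreadsheet would evaluate this text instead of displaying it.
    Leading spaces are dropped first, which is conservative: a value that only
    some applications would evaluate is still flagged."""
    stripped = value.lstrip(" ")
    return stripped.startswith(FORMULA_TRIGGERS) and not _is_plain_number(stripped)


def neutralize_cell(value: Any) -> Any:
    """Return `value` in a form the spreadsheet shows as literal text.
    Non-strings pass through unchanged so numeric columns stay numeric.
    A string that starts with a formula trigger gets a leading apostrophe,
    the conventional 'treat as text' prefix; CSV quoting is left to csv.writer."""
    if isinstance(value, str) and looks_like_formula(value):
        return "'" + value
    return value


def export_chat_rows(messages: Iterable[Tuple[str, str, str]], neutralize: bool = True) -> str:
    """Render chat history as CSV text, the way an export endpoint would.
    neutralize=False mirrors the unsanitized sink the advisory describes;
    neutralize=True passes every cell through neutralize_cell first."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["chat_id", "role", "content"])
    for chat_id, role, content in messages:
        row = [chat_id, role, content]
        if neutralize:
            row = [neutralize_cell(cell) for cell in row]
        writer.writerow(row)
    return buf.getvalue()


def find_suspicious_messages(messages: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Detection helper: (chat_id, content) for every message that would land in
    the export as a formula, e.g. to alert before an export is generated."""
    return [(chat_id, content) for chat_id, _role, content in messages
            if isinstance(content, str) and looks_like_formula(content)]


# Constructed sample chat history (not real MaxKB data). The last two messages
# use the textbook DDE and function-call shapes of CSV-injection payloads; the
# third is a negative number that must survive neutralization untouched.
SAMPLE_MESSAGES = [
    ("c1", "user", "How do I reset my password?"),
    ("c1", "assistant", "Use the Forgot password link on the login page."),
    ("c2", "user", "-3.5"),
    ("c3", "user", "=cmd|' /C calc'!A0"),
    ("c4", "user", "@SUM(1+9)"),
]

if __name__ == "__main__":
    print("flagged before export:", find_suspicious_messages(SAMPLE_MESSAGES))
    print(export_chat_rows(SAMPLE_MESSAGES, neutralize=False))
    print(export_chat_rows(SAMPLE_MESSAGES))
```

For a real .xlsx export the same neutralize_cell call runs on each value before it is handed to the spreadsheet library; that matters because openpyxl, for one, stores a string that begins with "=" as a formula cell unless the caller overrides the cell's data type, so the file format alone is no defence. The apostrophe is visible in the opened sheet, which is the accepted trade-off for keeping the data intact.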


Advisories

No advisories yet.

History

Mon, 20 Apr 2026 17:45:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | Maxkb; Maxkb maxkb
CPEs                 |                | cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*
Vendors & Products   |                | Maxkb; Maxkb maxkb
Metrics              |                | cvssV3_1 {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L'}


Thu, 16 Apr 2026 14:15:00 +0000

Type     | Values Removed | Values Added
Metrics  |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:30:00 +0000

Type                 | Values Removed | Values Added
First Time appeared  |                | 1panel; 1panel maxkb
Vendors & Products   |                | 1panel; 1panel maxkb

Tue, 14 Apr 2026 01:15:00 +0000

Type         | Values Removed | Values Added
Description  |                | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0.
Title        |                | MaxKB has CSV Injection in its Application Chat Export Functionality
Weaknesses   |                | CWE-1236
References   |                |
Metrics      |                | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-16T13:26:40.061Z

Reserved: 2026-04-07T00:23:30.596Z

Link: CVE-2026-39424

Vulnrichment

Updated: 2026-04-16T13:26:12.789Z

NVD

Status: Analyzed

Published: 2026-04-14T01:16:05.153

Modified: 2026-04-20T17:34:19.030

Link: CVE-2026-39424

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:09Z

Weaknesses