Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0.
Published: 2026-04-14
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting (XSS) via unsanitized markdown content
Action: Patch Immediately
AI Analysis

Impact

MaxKB versions 2.7.1 and earlier allow authenticated users to inject malicious HTML and JavaScript into the Application prologue field by wrapping payloads inside <html_rander> tags. Because the backend does not sanitize or encode this input and the frontend renders it with an innerHTML‑equivalent, a persistent DOM‑based Stored XSS is established. The vulnerability is an instance of CWE‑80, which describes improper neutralization of text passed to a web browser. An attacker can hijack sessions, perform unauthorized actions such as deleting workspaces or applications, and exfiltrate sensitive data.

Affected Systems

The flaw affects the 1Panel‑dev MaxKB AI assistant. All releases up through 2.7.1 are vulnerable; users should upgrade to version 2.8.0 or later to eliminate the risk.

Risk and Exploitability

The CVSS base score of 5.1 indicates moderate severity, while EPSS data is unavailable and the issue is not in CISA’s KEV catalog. Exploitation requires the attacker to be an authenticated user with permission to modify an application via the /admin/api/workspace/{workspace_id}/application REST endpoint. Once the malicious prologue is stored, any visitor to the chatbot interface will encounter the injected script, enabling cross‑site attacks.

Generated by OpenCVE AI on April 14, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MaxKB to version 2.8.0 or newer.
  • If upgrading is not possible, restrict edit permissions on the Application prologue field to trusted users only.
  • Avoid using the prologue field for user‑submitted content or enforce strict input validation to strip disallowed HTML tags.
  • Apply any vendor‑issued hotfixes or patches as soon as they become available.
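The rendering pattern the description and the Impact paragraph lay out (an innerHTML-equivalent that emits <html_rander>-wrapped content raw) beside the entity-encoding the recommended actions call for, plus a check that scans already-stored prologues for the same pattern. This is an added JavaScript illustration, not MaxKB's code or OpenCVE's: only the <html_rander> tag and the prologue field name come from the advisory; the function names, the risk markers and the sample records are constructed assumptions.

```javascript
// Added illustration, not MaxKB source. Models the advisory's rendering
// pattern and two defensive counterparts. Only the <html_rander> tag and the
// "prologue" field name come from the advisory; everything else is constructed.

const HTML_RANDER_RE = /<html_rander>([\s\S]*?)<\/html_rander>/gi;

// HTML entity encoding for the characters that can change markup meaning.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: surrounding text is escaped, but whatever sits inside
// <html_rander> is concatenated raw, which is what an innerHTML assignment
// does with markup it has been told to trust.
function renderPrologueVulnerable(prologue) {
  let html = '';
  let last = 0;
  for (const m of prologue.matchAll(HTML_RANDER_RE)) {
    html += escapeHtml(prologue.slice(last, m.index));
    html += m[1]; // raw passthrough: this is the defect
    last = m.index + m[0].length;
  }
  return html + escapeHtml(prologue.slice(last));
}

// Hardened variant: the whole field is treated as text, so the wrapper tags
// lose their special meaning and the browser shows the characters literally.
function renderPrologueSafe(prologue) {
  return escapeHtml(prologue);
}

// Markers worth flagging inside an <html_rander> block when reviewing what is
// already stored (constructed list; extend as needed).
const RISKY_MARKERS = [
  /<script\b/i,                    // inline script element
  /\bon[a-z]+\s*=/i,               // inline event handler attribute
  /javascript:/i,                  // script-scheme URL
  /<iframe\b|<object\b|<embed\b/i, // embedded active content
];

// Scan stored application records and report which prologues carry a risky
// <html_rander> block; a one-off hunt to run before and after upgrading.
function findRiskyPrologues(records) {
  const hits = [];
  for (const rec of records) {
    const reasons = new Set();
    for (const m of rec.prologue.matchAll(HTML_RANDER_RE)) {
      for (const re of RISKY_MARKERS) {
        if (re.test(m[1])) reasons.add(re.source);
      }
    }
    if (reasons.size) hits.push({ id: rec.id, reasons: [...reasons] });
  }
  return hits;
}

// Constructed sample records standing in for rows of the application table.
const SAMPLE_RECORDS = [
  { id: 'app-1', prologue: 'Welcome! How can I help you today?' },
  { id: 'app-2', prologue: 'Hello <html_rander><b>bold greeting</b></html_rander>' },
  { id: 'app-3', prologue: 'Hi <html_rander><script>alert(1)</script></html_rander>' },
  { id: 'app-4', prologue: '<html_rander><img src="x" onerror="alert(1)"></html_rander>' },
];

for (const rec of SAMPLE_RECORDS) {
  console.log(rec.id, 'vulnerable ->', renderPrologueVulnerable(rec.prologue));
  console.log(rec.id, 'safe       ->', renderPrologueSafe(rec.prologue));
}
console.log('risky:', JSON.stringify(findRiskyPrologues(SAMPLE_RECORDS)));
```

The safe renderer deliberately gives up the rich-formatting feature rather than trying to allowlist tags with regular expressions; if formatting must be kept, the parse-and-allowlist step belongs in a real HTML sanitizer on the server at store time, with the frontend still treating the field as untrusted.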

Generated by OpenCVE AI on April 14, 2026 at 03:51 UTC.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Maxkb; Maxkb maxkb
CPEs | | cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*
Vendors & Products | | Maxkb; Maxkb maxkb
Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | 1panel; 1panel maxkb
Vendors & Products | | 1panel; 1panel maxkb

Tue, 14 Apr 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0.
Title | | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering
Weaknesses | | CWE-80
References | |
Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-14T15:56:06.211Z

Reserved: 2026-04-07T00:23:30.596Z

Link: CVE-2026-39425

Vulnrichment

Updated: 2026-04-14T15:56:02.369Z

NVD

Status : Analyzed

Published: 2026-04-14T02:16:05.307

Modified: 2026-04-20T17:31:48.390

Link: CVE-2026-39425

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:07Z

Weaknesses