Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitization and XSS filtering. The unsanitized HTML content is passed to the IframeRender.vue component, which renders it directly into an <iframe> via the srcdoc attribute configured with sandbox="allow-scripts allow-same-origin". This can be a dangerous combination, allowing injected scripts to escape the iframe and execute JavaScript in the parent window using window.parent. Since the Prologue is rendered for any user visiting an application's chat interface, this results in a high-impact Stored XSS that can lead to session hijacking, unauthorized actions, and sensitive data exposure. This issue has been fixed in version 2.8.0.
Published: 2026-04-14
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored XSS
Action: Patch Now
AI Analysis

Impact

MaxKB, an open‑source AI assistant, contains a stored cross‑site scripting flaw in versions 2.7.1 and earlier. The front‑end component that renders LLM responses and application prologue configurations accepts custom <iframe_render> tags without sanitization. These tags are passed to a dedicated renderer that embeds the supplied HTML into an <iframe> using the srcdoc attribute. The sandbox on that iframe allows scripts to run and escape via window.parent, giving attackers a powerful route to execute JavaScript in the parent page.

Affected Systems

The vulnerability affects the 1Panel‑dev MaxKB product for all releases through 2.7.1. Any deployment that stores unfiltered LLM output or uses custom prologue settings is vulnerable; the flaw is fixed starting with version 2.8.0.

Risk and Exploitability

The CVSS score of 5.1 labels the issue as medium severity, and no EPSS estimate is available. Because the exploit merely requires the insertion of a malicious <iframe_render> tag into stored content, the barrier to attack is low for anyone with the ability to modify LLM output or configure the application prologue. The flaw is not listed in CISA's Known Exploited Vulnerabilities catalog, but its stored nature means that all users who view the compromised chat can be affected, allowing session hijacking, unauthorized actions, and data exposure.

Generated by OpenCVE AI on April 14, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MaxKB to version 2.8.0 or later to fully eliminate the flaw.
  • If an immediate upgrade is not possible, disable or remove the use of <iframe_render> tags in the prologue configuration and sanitize all LLM output before rendering.
  • Consider restricting configuration write access to trusted administrators to prevent injection of malicious tags.
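The interim mitigation above (strip <iframe_render> blocks before rendering, and never pair allow-scripts with allow-same-origin on an iframe that shows untrusted srcdoc) as an added example; this is illustrative code, not MaxKB's own, and the function and constant names are hypothetical:

```javascript
// Constructed sample prologue text containing one untrusted iframe_render block.
const SAMPLE_PROLOGUE =
  "Welcome!\n<iframe_render>\n<p>hi</p><script>console.log('untrusted')</script>\n</iframe_render>\nEnjoy.";

// Whole <iframe_render ...>...</iframe_render> blocks, case-insensitive, spanning newlines.
const IFRAME_RENDER_RE = /<iframe_render\b[^>]*>[\s\S]*?<\/iframe_render\s*>/gi;
// A dangling opening tag with no closer, so a truncated block cannot slip through.
const IFRAME_RENDER_OPEN_RE = /<iframe_render\b[^>]*>/gi;

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Removes every iframe_render block from LLM output or prologue text before any
// Markdown or iframe rendering. Returns the cleaned text and a count of removed
// blocks so the caller can emit a detection/audit event when the count is non-zero.
function stripIframeRender(text) {
  let removed = 0;
  let out = text.replace(IFRAME_RENDER_RE, () => {
    removed += 1;
    return '[iframe_render block removed]';
  });
  // Anything left over is an unterminated opener; neutralise it by escaping.
  out = out.replace(IFRAME_RENDER_OPEN_RE, (m) => {
    removed += 1;
    return escapeHtml(m);
  });
  return { text: out, removed };
}

// Sandbox policy for any iframe that must still show untrusted srcdoc content:
// allow-scripts and allow-same-origin together let the framed document act as the
// host origin and reach window.parent, so allow-same-origin is dropped when both are requested.
function safeSandboxAttr(requested) {
  const tokens = new Set(requested.split(/\s+/).filter(Boolean));
  if (tokens.has('allow-scripts') && tokens.has('allow-same-origin')) {
    tokens.delete('allow-same-origin');
  }
  return [...tokens].join(' ');
}
```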

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Maxkb; Maxkb maxkb
CPEs | | cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*
Vendors & Products | | Maxkb; Maxkb maxkb
Metrics | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Thu, 16 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | 1panel; 1panel maxkb
Vendors & Products | | 1panel; 1panel maxkb

Tue, 14 Apr 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitization and XSS filtering. The unsanitized HTML content is passed to the IframeRender.vue component, which renders it directly into an <iframe> via the srcdoc attribute configured with sandbox="allow-scripts allow-same-origin". This can be a dangerous combination, allowing injected scripts to escape the iframe and execute JavaScript in the parent window using window.parent. Since the Prologue is rendered for any user visiting an application's chat interface, this results in a high-impact Stored XSS that can lead to session hijacking, unauthorized actions, and sensitive data exposure. This issue has been fixed in version 2.8.0.
Title | | MaxKB: Stored XSS via Unsanitized iframe_render Parsing
Weaknesses | | CWE-79
References | |
Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-16T13:26:39.917Z

Reserved: 2026-04-07T00:23:30.596Z

Link: CVE-2026-39426

Vulnrichment

Updated: 2026-04-16T13:26:10.616Z

NVD

Status : Analyzed

Published: 2026-04-14T02:16:05.460

Modified: 2026-04-20T17:31:20.650

Link: CVE-2026-39426

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:31:04Z

Weaknesses