Description
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in 2.9.1.
Published: 2026-05-26
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unvalidated URLs supplied during workflow template import allow a server‑side request to be made to arbitrary destinations. The resulting activity can access internal network resources, potentially revealing sensitive data or enabling further attacks. The weakness is categorized as CWE‑918.

Affected Systems

The vulnerability affects the open‑source AI assistant MaxKB from 1Panel‑dev. Versions before 2.9.1 are susceptible; all releases 2.9.1 and later contain the fix.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity. Although the EPSS score is not listed, the vulnerability is not present in the CISA KEV catalog. The attack requires authenticated access to create or import workflow templates, but the impact remains substantial because arbitrary URLs can target internal hosts. No public exploit is documented, yet the lack of input validation makes exploitation straightforward for users with permission to import templates.

Generated by OpenCVE AI on May 26, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MaxKB to version 2.9.1 or later to apply the vendor‑issued fix
  • Configure the web server or firewall to restrict outbound connections from the MaxKB process, especially to internal or private IP ranges
  • Implement a URL whitelist or use inbound proxy filtering to ensure that only approved external endpoints can be used in workflow template imports

Generated by OpenCVE AI on May 26, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 20:30:00 +0000

Type Values Removed Values Added
Description MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in 2.9.1.
Title MaxKB: Unauthenticated SSRF via Workflow Template Import
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-26T20:14:39.702Z

Reserved: 2026-05-12T01:48:40.452Z

Link: CVE-2026-45412

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-26T21:16:40.097

Modified: 2026-05-26T21:16:40.097

Link: CVE-2026-45412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T21:30:16Z

Weaknesses