CVE-2026-39421

HIGH EPSS 17.8%
Published Apr 14, 20262mo ago · Modified Jun 17, 20261w ago
7.4 CVSS 3.1
High
Find Similar
Published Apr 14, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution via direct kernel system calls, enabling full network exfiltration and container compromise. The library intercepts critical standard system functions such as execve, system, connect, and open. It also intercepts mprotect to prevent PROT_EXEC (executable memory) allocations within the sandboxed Python processes, but pkey_mprotect is not blocked. This issue has been fixed in version 2.8.0.

CVSS Details

Base Score
7.4
Exploitability
3.1
Impact
3.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Low
Integrity Low
Availability Low

Threat Intelligence

EPSS Exploit Probability
17.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-693
CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
maxkbmaxkb* <2.8.0

References 3

  • github.com https://github.com/1Panel-dev/MaxKB/commit/479701a4d2e6059506bad0057a66bed91abb5aef
    Patch
  • github.com https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0
    Release Notes
  • github.com https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9c6w-j7w5-3gf7
    Vendor Advisory

Remediation

  • github.com https://github.com/1Panel-dev/MaxKB/commit/479701a4d2e6059506bad0057a66bed91abb5aef
    Patch