Security Bypass in MaxKB AI Assistant Affecting Versions 2.7.1 and Below
CVE-2026-39418

CVSS 3.1 base score: 5.0 (MEDIUM)

Key Information:

Vendor: 1panel-dev
CVE Published: 14 April 2026

What is CVE-2026-39418?

MaxKB, an open-source AI assistant for enterprise, runs user-supplied tool code inside a sandbox whose network restrictions are enforced by an LD_PRELOAD library that hooks connect() and checks the destination IP against the banned hosts configuration. In versions 2.7.1 and earlier, an authenticated user with tool-editing permissions can bypass this check by calling socket.sendto() with the MSG_FASTOPEN flag on an unconnected TCP socket. With TCP Fast Open the kernel performs the connection setup inside sendto() itself, so connect() is never called, the hook's IP validation never runs, and the tool code can reach internal services that the banned hosts list is meant to block. The issue is fixed in version 2.8.0.
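The gap described above is in the hook surface, not the IP check: any libc entry point that can hand the kernel a destination address for a TCP socket has to be validated, not just connect(). The following is an added example of such a shim and is not the MaxKB sandbox's own code. It is Linux only, the banned ranges (loopback, RFC 1918, link-local, and their IPv6 equivalents) are constructed for the example, the function names ipv4_banned, dest_is_banned and try_fastopen are hypothetical, and the hooks fall through to the raw syscalls with syscall() instead of dlsym(RTLD_NEXT) so the file links without libdl. Built into an executable, the definitions interpose the program's own calls; compiled with -shared -fPIC and loaded through LD_PRELOAD they interpose every dynamically linked call in the process, which is the deployment the sandbox uses.

```c
/* Added example, not MaxKB code: destination check applied at every libc
 * entry point that can start a TCP connection.  Linux only; the policy and
 * the helper names below are constructed for the example. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000
#endif

/* Constructed policy: loopback, RFC 1918 and link-local (169.254.0.0/16,
 * where cloud metadata endpoints live) are off limits to tool code. */
static int ipv4_banned(uint32_t ip /* host byte order */) {
    return (ip & 0xFF000000u) == 0x7F000000u    /* 127.0.0.0/8    */
        || (ip & 0xFF000000u) == 0x0A000000u    /* 10.0.0.0/8     */
        || (ip & 0xFFF00000u) == 0xAC100000u    /* 172.16.0.0/12  */
        || (ip & 0xFFFF0000u) == 0xC0A80000u    /* 192.168.0.0/16 */
        || (ip & 0xFFFF0000u) == 0xA9FE0000u;   /* 169.254.0.0/16 */
}

static int dest_is_banned(const struct sockaddr *sa, socklen_t len) {
    if (sa == NULL) return 0;                    /* no destination supplied */
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in = (const struct sockaddr_in *)sa;
        return ipv4_banned(ntohl(in->sin_addr.s_addr));
    }
    if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct in6_addr *a = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (IN6_IS_ADDR_V4MAPPED(a)) {           /* ::ffff:a.b.c.d reaches IPv4 hosts */
            uint32_t v4; memcpy(&v4, &a->s6_addr[12], 4);
            return ipv4_banned(ntohl(v4));
        }
        return IN6_IS_ADDR_LOOPBACK(a) || IN6_IS_ADDR_LINKLOCAL(a)
            || (a->s6_addr[0] & 0xFE) == 0xFC;   /* fc00::/7 unique-local */
    }
    return 0;                                    /* AF_UNIX etc.: not an IP destination */
}

/* The connect()-only hook: necessary but, on its own, bypassable. */
int connect(int fd, const struct sockaddr *addr, socklen_t len) {
    if (dest_is_banned(addr, len)) { errno = EACCES; return -1; }
    return (int)syscall(SYS_connect, fd, addr, len);
}

/* With MSG_FASTOPEN on an unconnected TCP socket the kernel performs the SYN
 * exchange inside sendto(), so the destination has to be checked here too. */
ssize_t sendto(int fd, const void *buf, size_t n, int flags,
               const struct sockaddr *addr, socklen_t len) {
    if (dest_is_banned(addr, len)) { errno = EACCES; return -1; }
    return syscall(SYS_sendto, fd, buf, n, flags, addr, len);
}

/* sendmsg() accepts the same flag, with the address in msg_name. */
ssize_t sendmsg(int fd, const struct msghdr *msg, int flags) {
    if (msg != NULL && dest_is_banned(msg->msg_name, msg->msg_namelen)) {
        errno = EACCES; return -1;
    }
    return syscall(SYS_sendmsg, fd, msg, flags);
}

/* Reproduces the bypass attempt: TCP socket, no connect(), payload pushed
 * with MSG_FASTOPEN.  Returns 0 if the call went through, else errno. */
int try_fastopen(const char *ip, uint16_t port) {
    struct sockaddr_in dst; memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET; dst.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &dst.sin_addr) != 1) return EINVAL;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    const char req[] = "GET /latest/meta-data/ HTTP/1.0\r\n\r\n"; /* constructed */
    int rc = sendto(fd, req, sizeof req - 1, MSG_FASTOPEN,
                    (struct sockaddr *)&dst, sizeof dst) < 0 ? errno : 0;
    close(fd);
    return rc;
}

int main(void) {
    int rc = try_fastopen("169.254.169.254", 80);
    printf("MSG_FASTOPEN to 169.254.169.254:80 -> %s\n",
           rc == EACCES ? "blocked by shim" : "NOT blocked");
    return 0;
}
```

The check is done on the address the caller passes in, before any syscall is issued, so a denied destination never reaches the kernel regardless of which entry point carried it. An LD_PRELOAD shim of this kind still only covers dynamically linked libc calls; tool code that invokes syscall() directly or uses a statically linked helper needs a kernel-side control (network namespace, seccomp, or nftables rules) rather than an interposer.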

Affected Version(s)

MaxKB < 2.8.0

CVSS V3.1

Score: 5.0 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low
