Server-Side Request Forgery Vulnerability in MaxKB by 1Panel
CVE-2026-42336

5.1 MEDIUM

Key Information:

Vendor: 1panel-dev

Status
Vendor
CVE Published: 26 May 2026

What is CVE-2026-42336?

MaxKB, an open-source AI assistant for enterprise use, is vulnerable to server-side request forgery (SSRF). The weakness stems from inconsistent DNS resolution between the validation phase and the execution phase of a request, which lets an attacker reach internal network services. The issue affects MaxKB versions 2.8.0 and earlier and is fixed in version 2.8.1.
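The check-then-use gap described above, next to a resolve-once-and-pin form, as an added example that is not MaxKB's code or its 2.8.1 fix. All function names, the host kb.example.test and the resolver answers are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host):
    """Return every address the system resolver gives for host."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def is_public(ip):
    addr = ipaddress.ip_address(ip)
    # Unwrap ::ffff:a.b.c.d so a mapped loopback/private address is not missed.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return addr.is_global

def racy_target(url, resolve=system_resolver):
    """Check-then-use: validation and execution each resolve the name."""
    host = urlsplit(url).hostname
    if not all(is_public(ip) for ip in resolve(host)):  # lookup 1: validation
        raise ValueError("blocked: non-public address")
    return resolve(host)[0]                             # lookup 2: execution

def pinned_target(url, resolve=system_resolver):
    """Resolve once, validate that answer, and return the same address."""
    host = urlsplit(url).hostname
    ips = resolve(host) if host else []                 # the only lookup
    if not ips or not all(is_public(ip) for ip in ips):
        raise ValueError("blocked: non-public address")
    return host, ips[0]  # connect to ips[0]; keep host for Host header / SNI

class FlippingResolver:
    """Constructed stand-in for a name whose answer changes between lookups."""
    def __init__(self, answers):
        self.answers, self.calls = list(answers), 0

    def __call__(self, host):
        answer = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return [answer]
```

The pinned form only helps if the HTTP client actually connects to the returned address instead of resolving the hostname again, and if every redirect target goes through the same function.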

Affected Version(s)

MaxKB < 2.8.1

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None
