Cross-Site Scripting Vulnerability in 1Panel-dev MaxKB ChatHeadersMiddleware
CVE-2026-6107

5.1 MEDIUM

Key Information:

Vendor

1panel-dev

Status
Vendor
CVE Published: 12 April 2026

What is CVE-2026-6107?

A cross-site scripting vulnerability has been identified in 1Panel-dev MaxKB versions up to 2.6.1. The flaw lies in the processing of an argument in the ChatHeadersMiddleware component, in the file apps/common/middleware/chat_headers_middleware.py. An attacker can exploit it remotely by manipulating input, which can lead to unauthorized access and the execution of malicious scripts in the context of the user's session. Users are strongly advised to upgrade to version 2.8.0, which includes critical security patches that mitigate this issue. The vendor responded promptly and professionally, quickly releasing a fix.

Affected Version(s)

MaxKB 2.6.0

MaxKB 2.6.1

MaxKB 2.8.0

References

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ana10gy (VulDB User)
VulDB CNA Team