CVE-2024-56137

Medium CVSS: 6.8

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0.

Vendor

Maxkb

Product

Maxkb

CWE

CWE-78

Yayın Tarihi

2025-01-02 15:15:24

Güncelleme

2025-08-01 20:15:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Maxkb MEDIUM Maxkb 2025

Referanslar

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85 https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-76w2-2g72-cg85

Benzer Kayıtlar

High

CVE-2025-66419

MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to…

High

CVE-2025-66446

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow…

High

CVE-2025-64511

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network serv…

Medium

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations b…

Medium

CVE-2025-53927

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed be…

Medium

CVE-2025-53928

MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution…