← back
CVE-2025-66419

MaxKB vulnerable to privilege escalation through sandbox bypass

CVSS 8.8 HIGHEPSS 0.3%CWE-362
MaxKB is an open-source AI assistant for enterprise. In versions 2.3.1 and below, the tool module allows an attacker to escape the sandbox environment and escalate privileges under certain concurrent conditions. This issue is fixed in version 2.4.0.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
1Panel-dev · MaxKB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/1Panel-dev/MaxKB/commit/f8ada9a110c4dbef8c3c2636c78847ecd621ece7https://github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-f9qm-2pxq-fx6c