MaxKB 2.7.1 and Below: Authenticated Attackers Can Steal Data

CVE-2026-39421
Summary

MaxKB, an open-source AI assistant, has a sandbox escape flaw in its ToolExecutor component. An authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox, execute arbitrary code, and exfiltrate sensitive data over the network. The issue affects MaxKB versions 2.7.1 and below and is fixed in version 2.8.0. To protect yourself, upgrade to the latest version of MaxKB.

Original title
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute ...
Original description
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution via direct kernel system calls, enabling full network exfiltration and container compromise. The library intercepts critical standard system functions such as execve, system, connect, and open. It also intercepts mprotect to prevent PROT_EXEC (executable memory) allocations within the sandboxed Python processes, but pkey_mprotect is not blocked. This issue has been fixed in version 2.8.0.
NVD CVSS 3.1: 6.3
Vulnerability type
CWE-94 Code Injection
CWE-693 Protection Mechanism Failure
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026
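
The description above says the bypass goes through Python's ctypes and raw system calls rather than the libc functions that sandbox.so hooks. The following is an added example, not MaxKB's code or its 2.8.0 fix: a pre-execution audit that flags tool source referencing that native-call path. The function name `audit_tool_source` and the module and symbol lists are assumptions, and a source-level denylist like this is a review and alerting aid, not a replacement for a kernel-enforced syscall filter.

```python
import ast

# Assumed policy lists (not MaxKB's): ways for Python code to reach native
# calls without passing through the libc wrappers an LD_PRELOAD hook covers.
NATIVE_MODULES = {"ctypes", "_ctypes", "cffi", "_cffi_backend"}
NATIVE_SYMBOLS = {"syscall", "mprotect", "pkey_mprotect", "CDLL", "PyDLL"}
DYNAMIC_IMPORTS = {"__import__", "import_module"}
WATCHED = NATIVE_SYMBOLS | DYNAMIC_IMPORTS


def audit_tool_source(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, reason) findings; an empty list means no hits."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "unparseable source")]
    findings = set()
    for node in ast.walk(tree):
        modules = []
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            modules = [node.module or ""]
        for mod in modules:
            if mod.split(".")[0] in NATIVE_MODULES:
                findings.add((node.lineno, f"imports {mod}"))
        if isinstance(node, ast.Attribute) and node.attr in WATCHED:
            findings.add((node.lineno, f"attribute {node.attr}"))
        elif isinstance(node, ast.Name) and node.id in WATCHED:
            findings.add((node.lineno, f"name {node.id}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # Catches getattr(lib, "syscall") and __import__("ctypes").
            if node.value in NATIVE_MODULES | NATIVE_SYMBOLS:
                findings.add((node.lineno, f"string literal {node.value!r}"))
    return sorted(findings)


# Constructed samples; they are only parsed here, never executed.
BENIGN_TOOL = "import json\n\ndef run(q):\n    return json.dumps({'q': q})\n"
FLAGGED_TOOL = (
    "import ctypes\n"
    "libc = ctypes.CDLL(None)\n"
    "result = libc.syscall(NR, ARGS)\n"
)
DYNAMIC_TOOL = "mod = __import__('ctypes')\n"

if __name__ == "__main__":
    for label, src in [("benign", BENIGN_TOOL), ("flagged", FLAGGED_TOOL)]:
        print(label, audit_tool_source(src))
```

Findings are best routed to review or logging before a tool is saved or run; string obfuscation can defeat any source-level check, which is why the literal and dynamic-import cases are flagged rather than ignored.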