Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.6
MaxKB AI Assistant Remote Code Execution Risk in Older Versions
CVE-2026-39417
Summary
Versions 2.7.1 and below of the MaxKB AI assistant for enterprise are at risk of a serious security threat. An attacker could inject malicious code into the system, potentially allowing them to execute commands on the server. To protect your business, update to version 2.8.0 or later as soon as possible.
Original title
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node ...
Original description
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path (loading MCP config from the database). The else branch, responsible for loading mcp_servers directly from user-supplied JSON remains completely unpatched. Since mcp_source is an optional field (required=False), an attacker can simply omit it or set it to any non-referencing value to bypass the fix. By calling the workflow creation API directly with a crafted JSON payload, an attacker can inject a complete MCP node configuration with stdio transport, arbitrary command, and args — achieving RCE when the workflow is triggered via chat. This issue has been fixed in version 2.8.0.
nvd CVSS3.1
4.6
Vulnerability type
CWE-20
Improper Input Validation
CWE-78
OS Command Injection
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026