{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39425", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-07T00:23:30.596Z", "datePublished": "2026-04-14T01:18:42.895Z", "dateUpdated": "2026-04-14T15:56:06.211Z"}, "containers": {"cna": {"title": "MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering", "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4"}, {"name": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0"}], "affected": [{"vendor": "1Panel-dev", "product": "MaxKB", "versions": [{"version": "< 2.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T01:18:42.895Z"}, "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0."}], "source": {"advisory": "GHSA-3rq5-pgm7-pvp4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:55:57.493672Z", "id": "CVE-2026-39425", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:56:06.211Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39425", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:55:57.493672Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:56:02.369Z"}}], "cna": {"title": "MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering", "source": {"advisory": "GHSA-3rq5-pgm7-pvp4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "1Panel-dev", "product": "MaxKB", "versions": [{"status": "affected", "version": "< 2.8.0"}]}], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4", "name": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "name": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T01:18:42.895Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39425", "state": "PUBLISHED", "dateUpdated": "2026-04-14T15:56:06.211Z", "dateReserved": "2026-04-07T00:23:30.596Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-14T01:18:42.895Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to sanitize or encode HTML entities in the prologue field when applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, storing the raw payload directly in the database. The frontend then renders this content using an innerHTML-equivalent mechanism, trusting <html_rander>-wrapped content to be safe, which enables persistent DOM-based Stored XSS execution against any visitor who opens the affected chatbot interface. Exploitation can lead to session hijacking, unauthorized actions performed on behalf of victims (such as deleting workspaces or applications), and sensitive data exposure. This issue has been fixed in version 2.8.0."}], "id": "CVE-2026-39425", "lastModified": "2026-04-14T02:16:05.307", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-14T02:16:05.307", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-3rq5-pgm7-pvp4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.8.0)"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "MaxKB", "source": "cna", "vendor": "1Panel-dev"}, "product": "maxkb", "vendor": "1panel"}], "analysis": {"en": {"generated_at": "2026-04-14T03:51:22.717375+00:00", "value": {"mitigation_remediation": ["Upgrade MaxKB to version 2.8.0 or newer.", "If upgrading is not possible, restrict edit permissions on the Application prologue field to trusted users only.", "Avoid using the prologue field for user\u2011submitted content or enforce strict input validation to strip disallowed HTML tags.", "Apply any vendor\u2011issued hotfixes or patches as soon as they become available."], "summary": {"action": "Patch Immediately", "impact": "Stored Cross\u2011Site Scripting (XSS) via unsanitized markdown content"}, "threat_synthesis": {"affected_systems": "The flaw affects the 1Panel\u2011dev MaxKB AI assistant. All releases up through 2.7.1 are vulnerable; users should upgrade to version 2.8.0 or later to eliminate the risk.", "description_and_impact": "MaxKB versions 2.7.1 and earlier allow authenticated users to inject malicious HTML and JavaScript into the Application prologue field by wrapping payloads inside <html_rander> tags. Because the backend does not sanitize or encode this input and the frontend renders it with an innerHTML\u2011equivalent, a persistent DOM\u2011based Stored XSS is established. The vulnerability is an instance of CWE\u201180, which describes improper neutralization of text passed to a web browser. An attacker can hijack sessions, perform unauthorized actions such as deleting workspaces or applications, and exfiltrate sensitive data.", "risk_and_exploitability": "The CVSS base score of 5.1 indicates moderate severity, while EPSS data is unavailable and the issue is not in CISA\u2019s KEV catalog. Exploitation requires the attacker to be an authenticated user with permission to modify an application via the /admin/api/workspace/{workspace_id}/application REST endpoint. Once the malicious prologue is stored, any visitor to the chatbot interface will encounter the injected script, enabling cross\u2011site attacks."}}}}, "created": "2026-04-14T16:16:10.746861+00:00", "updated": "2026-04-14T16:31:07.259971+00:00", "vendors": ["1panel", "1panel$PRODUCT$maxkb"]}