CVE-2026-39419 PUBLISHED

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

Assigner: GitHub_M
Reserved: 07.04.2026 Published: 14.04.2026 Updated: 14.04.2026

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged result directly to file descriptor 1 (bypassing stdout redirection). By calling sys.exit(0), the attacker terminates the wrapper before it prints the legitimate output, causing the MaxKB service to parse and trust the spoofed response as the genuine tool result. This issue has been fixed in version 2.8.0.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 3.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	1Panel-dev
Product	MaxKB
Versions	Version < 2.8.0 is affected

References

Problem Types

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE
CWE-693: Protection Mechanism Failure CWE
CWE-290: Authentication Bypass by Spoofing CWE