CVE-2026-39424

EPSS 0.37%
Veröffentlicht 14.04.2026 00:56:56
Zuletzt bearbeitet 20.04.2026 17:34:19
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

MaxKB has CSV Injection in its Application Chat Export Functionality

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Maxkb ≫ Maxkb SwEdition- Version < 2.8.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.284

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1.2	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
security-advisories@github.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-1236 Improper Neutralization of Formula Elements in a CSV File

The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.

https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0

Release Notes

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp

Vendor Advisory

https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-39424

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-39424

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-39424

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-39424