CVE-2026-42336
MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
17th
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsistent DNS resolution between validation and actual request execution, allowing attackers to access internal network services. This vulnerability is fixed in 2.8.1.
| CWE | CWE-367 CWE-918 |
| Vendor | 1panel-dev |
| Product | maxkb |
| Published | May 26, 2026 |
| Last Updated | May 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for 1panel-dev maxkb
Be the first to know when new unknown vulnerabilities affecting 1panel-dev maxkb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
1Panel-dev / MaxKB
< 2.8.1