๐Ÿ” CVE Alert

CVE-2026-45413

UNKNOWN 0.0

MaxKB: Unsalted MD5 Password Hashing

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
1th

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1.

CWE CWE-328
Vendor 1panel-dev
Product maxkb
Published May 26, 2026
Last Updated May 27, 2026
Stay Ahead of the Next One

Get instant alerts for 1panel-dev maxkb

Be the first to know when new unknown vulnerabilities affecting 1panel-dev maxkb are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

1Panel-dev / MaxKB
< 2.9.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-2m4c-mcq5-q8xq