CVE-2026-45412
Vulnerability Description
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without any URL validation or internal IP filtering. This vulnerability is fixed in 2.9.1.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-918
Source
NVD
Vendor
1Panel-dev
Product
MaxKB
Discussion (0)
Add Comment
No comments yet. Be the first!