{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39424", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-07T00:23:30.596Z", "datePublished": "2026-04-14T00:56:56.625Z", "dateUpdated": "2026-04-16T13:26:40.061Z"}, "containers": {"cna": {"title": "MaxKB has CSV Injection in its Application Chat Export Functionality", "problemTypes": [{"descriptions": [{"cweId": "CWE-1236", "lang": "en", "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp"}, {"name": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f", "tags": ["x_refsource_MISC"], "url": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f"}, {"name": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0"}], "affected": [{"vendor": "1Panel-dev", "product": "MaxKB", "versions": [{"version": "< 2.8.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T00:56:56.625Z"}, "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0."}], "source": {"advisory": "GHSA-rr4r-7cj2-29vp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:22:56.887003Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:40.061Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T13:22:56.887003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T13:26:12.789Z"}}], "cna": {"title": "MaxKB has CSV Injection in its Application Chat Export Functionality", "source": {"advisory": "GHSA-rr4r-7cj2-29vp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "1Panel-dev", "product": "MaxKB", "versions": [{"status": "affected", "version": "< 2.8.0"}]}], "references": [{"url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp", "name": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f", "name": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "name": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1236", "description": "CWE-1236: Improper Neutralization of Formula Elements in a CSV File"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-14T00:56:56.625Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39424", "state": "PUBLISHED", "dateUpdated": "2026-04-16T13:26:40.061Z", "dateReserved": "2026-04-07T00:23:30.596Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-14T00:56:56.625Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint, strings starting with formula characters are written directly without proper sanitization. Opening this file in spreadsheet applications like Microsoft Excel can lead to Arbitrary Code Execution (RCE) on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, which fixed the exact same pattern in apps/dataset/serializers/document_serializers.py but missed the application chat export sink. This issue has been fixed in version 2.8.0."}], "id": "CVE-2026-39424", "lastModified": "2026-04-17T15:26:13.013", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-14T01:16:05.153", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/1Panel-dev/MaxKB/commit/24cd68acae5f726eed828e2ac801827a2a70536f"}, {"source": "security-advisories@github.com", "url": "https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-rr4r-7cj2-29vp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1236"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.8.0)"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "MaxKB", "source": "cna", "vendor": "1Panel-dev"}, "product": "maxkb", "vendor": "1panel"}], "analysis": {"en": {"generated_at": "2026-04-14T02:20:40.574434+00:00", "value": {"mitigation_remediation": ["Upgrade MaxKB to version 2.8.0 or later to remove the injection sink.", "Limit the chat export feature to trusted administrators or users who can be verified.", "Configure spreadsheet applications to disable dynamic data exchange or macro execution before opening exported files.", "Ensure endpoint and application inputs are sanitized to strip leading formula characters.", "Monitor for attempts to export chat history containing suspicious or formula\u2011starting text."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via CSV injection in exported chat files"}, "threat_synthesis": {"affected_systems": "The affected product is 1Panel\u2011dev\u2019s MaxKB, an open\u2011source AI assistant used by enterprises. Versions 2.7.1 and earlier are vulnerable; the issue was resolved in the 2.8.0 release. The export operation is performed via the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint.", "description_and_impact": "The vulnerability is an improper neutralization of formula elements in CSV data, resulting in the injection of spreadsheet formulas when a chat history is exported from the application. If an attacker can include strings that begin with Excel formula characters in the chat content, the exported .xlsx file will contain executable formulas. When an administrative user opens that file in a spreadsheet program such as Microsoft Excel, dynamic data exchange can trigger arbitrary code execution on the workstation. The weakness aligns with CWE\u20111236 and potentially compromises the confidentiality, integrity, and availability of the administrator\u2019s system.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. While EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, the likely attack vector requires the administrator to accept and open the maliciously crafted .xlsx file. An attacker who can influence chat content\u2014such as an external user or a compromised account\u2014can place harmful formulas into the export. Exploitation is therefore possible in environments where users export chat logs without sanitization and use spreadsheet applications that interpret formulas. Overall risk is moderate but could be higher in organizations that use legacy or unpatched systems."}}}}, "created": "2026-04-14T16:16:12.900392+00:00", "updated": "2026-04-14T16:31:09.326028+00:00", "vendors": ["1panel", "1panel$PRODUCT$maxkb"]}