Zero Day MonitorZDM

← Back to list

6.3

CVE-2026-39421EXPLOITEDPATCHED

1panel-dev · maxkb

MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based sandbox.so module to achieve arbitrary code execution via direct kernel system calls, enabling full network exfiltration and container compromise. The library intercepts critical standard system functions such as execve, system, connect, and open. It also intercepts mprotect to prevent PROT_EXEC (executable memory) allocations within the sandboxed Python processes, but pkey_mprotect is not blocked. This issue has been fixed in version 2.8.0.

Affected Products

Vendor	Product	Versions
1panel-dev	maxkb	< 2.8.0

References

https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-9c6w-j7w5-3gf7(x_refsource_CONFIRM)
https://github.com/1Panel-dev/MaxKB/commit/479701a4d2e6059506bad0057a66bed91abb5aef(x_refsource_MISC)
https://github.com/1Panel-dev/MaxKB/releases/tag/v2.8.0(x_refsource_MISC)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-39421 | 1Panel-dev MaxKB up to 2.7.x ToolExecutor sandbox.so LD_PRELOAD protection mechanism (GHSA-9c6w-j7w5-3gf7)

→ No new info (linked only)

CVSS 3.16.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

2.8.0

CWECWE-693, CWE-94

PublishedApr 14, 2026

Last enriched7h agov2

Trending Score48

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-39420EXP

MaxKB: Sandbox escape via LD_PRELOAD bypass

HIGHCVE-2026-39425EXP

MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering

HIGHCVE-2026-39426EXP

MaxKB: Stored XSS via Unsanitized iframe_render Parsing

HIGHCVE-2026-39419EXP

MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

HIGHCVE-2026-39422EXP

MaxKB has Stored XSS via ChatHeadersMiddleware

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Patch Available

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: severity, activelyExploited, patchAvailable

Apr 14, 2026

Version History

v2

Last enriched 7h ago

v2Tier C7h ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit currently exists.

severityactivelyExploitedpatchAvailable

via VulDB

v111h ago

Initial creation