CVE-2024-56137

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 1.9.0

Description MaxKB is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation. A remote command execution issue existed in the function library module, allowing privileged users to execute system commands in custom scripts.

Recommendations For versions prior to 1.9.0, update to version 1.9.0 to resolve the issue. As a temporary workaround, consider restricting the execution of custom scripts or limiting the privileges of users who can execute scripts until the update is applied.