PT-2026-32573 · Maxkb · Maxkb

Liqiang · Published 2026-04-14 · Updated 2026-04-14 · CVE-2026-39418

CVSS v3.1: 7.4 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

MaxKB versions prior to 2.8.0

Description

An authenticated user with tool-editing permissions can bypass sandbox network protection to reach internal services that are explicitly blocked by the banned hosts configuration. The sandbox uses LD_PRELOAD to hook the connect() function and block connections to banned IPs. However, calling socket.sendto() with the MSG_FASTOPEN flag establishes a TCP connection directly through the kernel without calling connect(), which bypasses the IP validation. Although sendto is included in the syscall() wrapper, that check is ineffective because glibc invokes the kernel syscall directly instead of routing through the hooked syscall() function.

Recommendations

Update to version 2.8.0.
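To illustrate the gap described above, the following added example (not MaxKB's code and not the 2.8.0 fix) shows an LD_PRELOAD shim that applies a banned-host check to the destination passed to sendto(), the path the connect() hook never sees. The helper name `dest_is_banned` and the ban list entries are assumptions made for the example.

```c
/* Build as a preload library: cc -shared -fPIC -o sendto_guard.so sendto_guard.c */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample ban list (host byte order); a real sandbox loads its own. */
static const struct { uint32_t net, mask; } banned[] = {
    { 0x7F000000u, 0xFF000000u },   /* 127.0.0.0/8 */
    { 0x0A000000u, 0xFF000000u },   /* 10.0.0.0/8 */
    { 0xA9FEA9FEu, 0xFFFFFFFFu },   /* 169.254.169.254/32 */
};

/* Hypothetical helper: returns 1 if the destination is in the ban list, else 0. */
int dest_is_banned(const struct sockaddr *sa, socklen_t len)
{
    uint32_t ip;
    if (sa == NULL) return 0;       /* connected socket: no destination supplied */
    if (sa->sa_family == AF_INET && len >= sizeof(struct sockaddr_in)) {
        ip = ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
    } else if (sa->sa_family == AF_INET6 && len >= sizeof(struct sockaddr_in6)) {
        const struct in6_addr *a6 = &((const struct sockaddr_in6 *)sa)->sin6_addr;
        if (!IN6_IS_ADDR_V4MAPPED(a6)) return 0;  /* native IPv6 not covered here */
        ip = ((uint32_t)a6->s6_addr[12] << 24) | ((uint32_t)a6->s6_addr[13] << 16) |
             ((uint32_t)a6->s6_addr[14] << 8) | a6->s6_addr[15];
    } else {
        return 0;
    }
    for (size_t i = 0; i < sizeof banned / sizeof banned[0]; i++)
        if ((ip & banned[i].mask) == banned[i].net) return 1;
    return 0;
}

/* Interposed sendto(): a destination given here can open a TCP connection
 * (MSG_FASTOPEN) or select a datagram peer, so it is checked like connect(). */
ssize_t sendto(int fd, const void *buf, size_t n, int flags,
               const struct sockaddr *dest, socklen_t dlen)
{
    if (dest_is_banned(dest, dlen)) {
        errno = EACCES;
        return -1;
    }
    /* Forward to the kernel directly, so the shim needs no dlsym()/libdl. */
    return syscall(SYS_sendto, fd, buf, n, flags, dest, dlen);
}
```

sendmsg() and sendmmsg() also accept a destination address and need the same check. Symbol interposition only sees calls that go through the dynamic linker, so a kernel-enforced control (seccomp, a network namespace or firewall rules) is what covers callers that reach the kernel another way.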

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2026-39418

Affected Products

Maxkb