PT-2026-32577 · Maxkb · Maxkb

Shaohuzhang1 · Published 2026-04-14 · Updated 2026-04-14 · CVE-2026-39423

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.8.0
Description: An Eval Injection issue exists in the Markdown rendering engine. This allows any user who can interact with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including administrators, leading to Stored Cross-Site Scripting (XSS), which is a method of injecting malicious scripts into a trusted website.
Recommendations: Update to version 2.8.0.

Fix

Eval Injection

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-39423

Affected Products

Maxkb