PT-2026-57209 · Maxkb · Maxkb
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-54149
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MaxKB versions prior to 2.10.0-lts
Description
An issue exists where the tool import functionality in
apps/tools/serializers/tool.py and the MCP referencing mode in apps/application/chat pipeline/step/chat step/impl/base chat step.py do not consistently validate the MCP transport type. This allows an authenticated user to import a .tool file containing a stdio transport—a method used to launch local processes—with malicious commands. When triggered through an AI Chat node, the MultiServerMCPClient executes these arbitrary system commands on the server.Recommendations
Update MaxKB to version 2.10.0-lts.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Maxkb