CVE-2025-48950
MaxKB Python Sandbox Bypass in Function Library
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
MaxKB Python Sandbox Bypass in Function Library
MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue.
Reserved 2025-05-28 | Published 2025-06-03 | Updated 2025-06-03 | Assigner GitHub_MCWE-276: Incorrect Default Permissions
github.com/.../MaxKB/security/advisories/GHSA-p2qq-x9j2-px8v
github.com/1Panel-dev/MaxKB/pull/3127
github.com/...ommit/187e9c1e4ea1ebb6864c5bf61558c42f2fc6c005
github.com/1Panel-dev/MaxKB/releases/tag/v1.10.8-lts
Support options
