CVE-2026-39422 Overview
MaxKB, an open-source AI assistant for enterprise environments, contains a Stored Cross-Site Scripting (XSS) vulnerability in versions 2.7.1 and below. The vulnerability exists in the application name and icon fields when creating an application. When a victim visits the public chat interface at /ui/chat/{access_token}, the ChatHeadersMiddleware retrieves application data and directly inserts the unescaped application name and icon into the HTML response via string replacement. This allows an attacker to execute arbitrary JavaScript in the victim's browser context.
Critical Impact
Attackers can inject malicious JavaScript that executes in victims' browsers, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of authenticated users.
Affected Products
- MaxKB version 2.7.1 and below
- 1Panel-dev MaxKB open-source AI assistant deployments
- Public chat interfaces exposed at /ui/chat/{access_token} endpoints
Discovery Timeline
- 2026-04-14 - CVE-2026-39422 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-39422
Vulnerability Analysis
This Stored XSS vulnerability (CWE-79) stems from improper handling of user-supplied input in the MaxKB application creation workflow. The attack requires low privileges to execute, as an authenticated user with application creation permissions can inject malicious payloads. However, exploitation requires victim interaction—specifically, a victim must visit the compromised public chat interface for the malicious script to execute.
The vulnerability impacts the integrity of the victim's session, as attackers can modify page content, redirect users, or perform actions on their behalf. While confidentiality is not directly affected according to the vulnerability assessment, the integrity impact is considered high due to the potential for arbitrary JavaScript execution.
Root Cause
The root cause of this vulnerability lies in the ChatHeadersMiddleware component, which fails to properly sanitize or escape application data before inserting it into HTML responses. When an application is created with a malicious name or icon field, the middleware uses direct string replacement to embed these values into the HTML without encoding special characters. This allows HTML and JavaScript content to be interpreted by the browser rather than displayed as text.
Attack Vector
The attack follows a network-based vector requiring the following conditions:
- Attacker Prerequisites: The attacker must have authenticated access with permissions to create applications within MaxKB
- Payload Injection: The attacker creates an application with a malicious name or icon field containing JavaScript code (e.g., <script>alert(document.cookie)</script> or event handler attributes)
- Persistence: The malicious payload is stored in the application database
- Victim Interaction: When any user visits the public chat interface URL (/ui/chat/{access_token}) for the compromised application, the ChatHeadersMiddleware retrieves the application data and injects the unescaped payload directly into the HTML response
- Execution: The victim's browser parses the HTML and executes the injected JavaScript in the context of the MaxKB domain
The attacker can leverage this to steal session tokens, perform phishing attacks, or execute actions with the victim's privileges.
Detection Methods for CVE-2026-39422
Indicators of Compromise
- Unusual application names or icon fields containing HTML tags, <script> elements, or JavaScript event handlers in the MaxKB database
- Server logs showing requests to /ui/chat/{access_token} endpoints followed by suspicious client-side behavior
- Application creation audit logs with payloads containing characters such as <, >, ", ', or javascript: URIs
Detection Strategies
- Implement Content Security Policy (CSP) headers to detect and block unauthorized inline script execution
- Monitor application creation and modification events for inputs containing HTML special characters or script-related keywords
- Deploy web application firewall (WAF) rules to flag requests with XSS payload patterns in application name or icon parameters
- Enable browser-based XSS auditing and review client-side error logs for blocked script attempts
Monitoring Recommendations
- Audit the application table in the MaxKB database for entries containing suspicious script content in name or icon columns
- Review access logs for the /ui/chat/ endpoint path to identify potential victim access to compromised applications
- Configure alerting for application modifications by users who should not have elevated privileges
How to Mitigate CVE-2026-39422
Immediate Actions Required
- Upgrade MaxKB to version 2.8.0 or later, which contains the fix for this vulnerability
- Audit existing applications for malicious content in name and icon fields and sanitize or remove compromised entries
- Restrict application creation permissions to trusted administrators until the patch is applied
- Implement Content Security Policy headers to mitigate the impact of any existing XSS payloads
Patch Information
The vulnerability has been addressed in MaxKB version 2.8.0. The fix is available through the GitHub Release v2.8.0. The specific commit addressing this vulnerability can be reviewed at the GitHub Commit. For complete details on the vulnerability disclosure, refer to the GitHub Security Advisory GHSA-wf7p-3jq5-q52w.
Workarounds
- Manually sanitize application name and icon fields in the database by HTML-encoding special characters (<, >, ", ', &)
- Implement input validation at the application creation API level to reject inputs containing HTML tags or script content
- Deploy a reverse proxy or WAF rule to strip or encode potentially malicious characters from application creation requests
- Disable public chat interface access temporarily by restricting access to /ui/chat/ endpoints until patching is complete
# Example: Database audit query to identify potentially compromised applications
# Run this against your MaxKB database to find suspicious entries
SELECT id, name, icon FROM application
WHERE name LIKE '%<script%'
OR name LIKE '%javascript:%'
OR name LIKE '%onerror=%'
OR icon LIKE '%<script%'
OR icon LIKE '%javascript:%';
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
