CVE-2026-39423 Overview
CVE-2026-39423 is a Stored Cross-Site Scripting (XSS) vulnerability affecting MaxKB, an open-source AI assistant for enterprise environments. The vulnerability exists in the Markdown rendering engine and allows authenticated users with access to the AI chat interface to execute arbitrary JavaScript code in the browsers of other users, including administrators.
Critical Impact
Any user capable of interacting with the AI chat interface can inject malicious JavaScript that executes in the context of other users' sessions, potentially leading to session hijacking, credential theft, or privilege escalation to administrative accounts.
Affected Products
- MaxKB versions 2.7.1 and below
- MaxKB AI assistant chat interface
- MaxKB Markdown rendering engine
Discovery Timeline
- 2026-04-14 - CVE-2026-39423 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-39423
Vulnerability Analysis
This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-Site Scripting. The flaw resides in MaxKB's Markdown rendering engine, which fails to properly sanitize user-supplied input before rendering it in the browser context of other users.
The "eval injection" aspect of this vulnerability means that malicious input is processed through an evaluation function during Markdown rendering, which allows an attacker to bypass typical input sanitization and execute arbitrary JavaScript. Because the payload is stored server-side and rendered for every user who views it, this is a Stored XSS vulnerability, generally considered more severe than reflected XSS because no user interaction is required beyond viewing the affected content.
Root Cause
The root cause is insufficient input validation and sanitization in the Markdown rendering engine. The rendering component uses an evaluation mechanism that processes user-controlled content without adequate security controls, so crafted Markdown input can inject executable JavaScript. The malicious script is stored persistently and executed whenever any user, including an administrator, views the affected chat content.
Attack Vector
The attack requires network access and a low-privileged authenticated account with the ability to interact with the MaxKB AI chat interface. An attacker crafts malicious Markdown content containing embedded JavaScript payloads and submits it through the chat interface. When other users, including administrators, view this content, the malicious JavaScript executes in their browser context.
This attack vector enables:
- Session token theft through document cookie access
- Keylogging and credential harvesting
- Unauthorized actions performed as the victim user
- Administrative account compromise leading to full system access
- Defacement or data exfiltration
The vulnerability mechanism involves crafted Markdown input that exploits the eval injection flaw in the rendering engine. For detailed technical analysis, see the GitHub Security Advisory GHSA-462x-99gf-mp79 and the commit changes that address this vulnerability.
Detection Methods for CVE-2026-39423
Indicators of Compromise
- Unusual JavaScript execution patterns in browser developer console logs when viewing chat history
- Unexpected outbound network requests from user browsers to external domains
- Reports of session hijacking or unauthorized account access following chat interface usage
- Stored chat messages containing suspicious Markdown syntax with embedded script tags or event handlers
Detection Strategies
- Implement Content Security Policy (CSP) headers to detect and block unauthorized script execution
- Deploy web application firewall (WAF) rules to identify XSS payload patterns in chat input
- Enable browser-side XSS auditing and monitoring through security extensions
- Review server-side logs for chat messages containing potentially malicious Markdown patterns
Monitoring Recommendations
- Monitor for abnormal JavaScript execution or DOM manipulation in chat rendering contexts
- Track authentication anomalies that may indicate session token theft
- Implement real-time alerting for CSP violation reports
- Review user-submitted chat content for common XSS payload signatures
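The last two recommendations (reviewing stored chat content for common XSS payload signatures, and alerting on CSP violation reports) can be automated. The script below is an added example and is not MaxKB project code. It assumes that chat history can be exported as (message id, content) pairs and that CSP reports arrive in the standard `csp-report` JSON shape sent by browsers to a `report-uri` endpoint; the sample messages and the sample report are constructed for the demonstration.

```python
"""Triage helpers for stored-XSS indicators in chat content and CSP reports.

Added example, not MaxKB code. The message export format and the CSP report
endpoint are assumptions; the csp-report JSON keys are the standard ones.
"""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Heuristic signatures commonly seen in XSS payloads smuggled through
# Markdown or raw HTML. These are triage signals, not proof of an attack.
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    # on* attribute inside a tag, e.g. <img src=x onerror=...>
    ("event_handler", re.compile(r"<[^>]*\son[a-z]+\s*=", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("data_html_uri", re.compile(r"data\s*:\s*text/html", re.I)),
    ("embed_frame", re.compile(r"<\s*(iframe|object|embed)\b", re.I)),
    ("svg_or_math", re.compile(r"<\s*(svg|math)\b", re.I)),
]


@dataclass
class Finding:
    message_id: str
    indicator: str
    excerpt: str


def scan_message(message_id: str, content: str) -> List[Finding]:
    """Return one Finding per XSS indicator present in a stored message."""
    findings = []
    for name, pattern in XSS_PATTERNS:
        match = pattern.search(content)
        if match:
            start = max(0, match.start() - 20)
            findings.append(Finding(message_id, name, content[start:match.end() + 20]))
    return findings


def scan_history(messages) -> List[Finding]:
    """Scan an iterable of (id, content) pairs and collect every finding."""
    out = []
    for message_id, content in messages:
        out.extend(scan_message(message_id, content))
    return out


def triage_csp_report(raw: str) -> Optional[dict]:
    """Parse a CSP violation report; return an alert dict for script-src
    violations (inline script blocked on a chat page is the signal that
    matters here) and None for anything else or for malformed input."""
    try:
        report = json.loads(raw).get("csp-report", {})
    except (ValueError, AttributeError):
        return None
    directive = report.get("effective-directive") or report.get("violated-directive", "")
    if not directive.startswith("script-src"):
        return None
    return {
        "page": report.get("document-uri", ""),
        "blocked": report.get("blocked-uri", ""),
        "inline": report.get("blocked-uri") == "inline",
        "sample": report.get("script-sample", ""),
    }


# Constructed sample data; not real MaxKB messages or reports.
SAMPLE_MESSAGES = [
    ("m1", "Here is the quarterly summary in **bold** with a [link](https://example.com)."),
    ("m2", 'Check this <img src=x onerror="alert(1)">'),
    ("m3", "[click me](javascript:alert(1))"),
    ("m4", "<script>alert(1)</script>"),
]
SAMPLE_CSP_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://maxkb.example.internal/ui/chat",
    "effective-directive": "script-src",
    "violated-directive": "script-src 'self'",
    "blocked-uri": "inline",
    "script-sample": "alert(1)",
}})

if __name__ == "__main__":
    for f in scan_history(SAMPLE_MESSAGES):
        print(f"{f.message_id}: {f.indicator} -> {f.excerpt!r}")
    print(triage_csp_report(SAMPLE_CSP_REPORT))
```

The signatures are deliberately broad so that a reviewer sees candidates rather than a verdict; a hit on `event_handler` or `javascript_uri` in a message that a normal user would never type is the case to escalate, together with any script-src violation where `blocked-uri` is `inline` on the chat page.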
How to Mitigate CVE-2026-39423
Immediate Actions Required
- Upgrade MaxKB to version 2.8.0 or later immediately
- Audit existing chat history for potentially malicious stored content
- Force logout all user sessions to invalidate any potentially compromised session tokens
- Review administrator account activity for signs of unauthorized access
Patch Information
The vulnerability has been addressed in MaxKB version 2.8.0. The fix involves proper sanitization of user input in the Markdown rendering engine to prevent eval injection attacks. The specific changes can be reviewed in the GitHub commit 34fb95bde9574c5b3a734ab00c7f29b9e7d32669. Organizations should download the patched version from the official GitHub release page.
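As an added illustration of the output-side sanitization such a fix relies on (example code, not the MaxKB patch; the project's actual change is in the commit referenced above), the following stdlib-only allowlist sanitizer takes the HTML a Markdown renderer produces and keeps only known-safe elements and attributes: unknown elements are dropped, script and style bodies are removed entirely, every `on*` handler is discarded, and link targets whose scheme could execute code are stripped. It assumes the rendering pipeline yields HTML as a string that can be filtered before it is stored or sent to the browser.

```python
"""Allowlist sanitizer for HTML produced by a Markdown renderer.

Added example, not the MaxKB fix. Uses only the standard library. The
Markdown-to-HTML step is assumed to happen elsewhere; this filters its output.
"""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {
    "p", "br", "strong", "em", "code", "pre", "ul", "ol", "li", "blockquote",
    "a", "h1", "h2", "h3", "table", "thead", "tbody", "tr", "th", "td",
}
# Only these attributes survive, per tag. Everything else (style, on*, src...) is dropped.
ALLOWED_ATTRS = {"a": {"href", "title"}, "th": {"align"}, "td": {"align"}}
SAFE_URL_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
# The text content of these elements is dropped too, not just the tags.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed", "svg", "math", "template"}


def safe_url(value: str) -> bool:
    """Allow relative URLs and an explicit scheme allowlist. Control
    characters are removed first because browsers ignore them when
    parsing a scheme (so "java\\tscript:" would otherwise slip through)."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_URL_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_depth = 0  # >0 while inside an element whose content is dropped

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth += 1
            return
        if self.drop_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not safe_url(value or ""):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT_TAGS:
            self.drop_depth = max(0, self.drop_depth - 1)
            return
        if self.drop_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Entities were decoded by the parser; re-escape so text stays text.
        if not self.drop_depth:
            self.out.append(escape(data, quote=False))

    # Comments, doctypes and processing instructions are silently dropped
    # by the default no-op handlers of HTMLParser.


def sanitize_html(html: str) -> str:
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed inputs for demonstration.
    for sample in [
        "<p>Hello <strong>world</strong></p>",
        '<img src=x onerror="alert(1)">',
        '<a href="javascript:alert(1)">x</a>',
        "<script>alert(1)</script><p>after</p>",
    ]:
        print(repr(sample), "->", repr(sanitize_html(sample)))
```

In production a maintained sanitizer is the better choice (for example bleach or nh3 on the server, DOMPurify in the browser); the point of this block is the allowlist principle, which holds regardless of library, and it complements rather than replaces a Content Security Policy.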
Workarounds
- Restrict chat interface access to trusted users only until patching is complete
- Implement strict Content Security Policy headers to mitigate script execution
- Deploy a web application firewall with XSS protection rules in front of MaxKB instances
- Disable or restrict Markdown rendering features if possible without breaking critical functionality
# Content Security Policy header example for nginx
# Add to the server block in front of MaxKB to help mitigate XSS attacks.
# Deploy it first as Content-Security-Policy-Report-Only to confirm the MaxKB
# front end still works without inline scripts, then switch to the enforcing header.
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none';" always;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.