CVE-2026-39424 Overview
CVE-2026-39424 is a CSV Formula Injection vulnerability (CWE-1236) affecting MaxKB, an open-source AI assistant for enterprise environments. The vulnerability exists in versions 2.7.1 and below, where the chat export feature fails to properly sanitize formula elements when generating Excel files. When an administrator exports application chat history, malicious strings starting with formula characters are written directly to the output file without sanitization. Opening the exported .xlsx file in spreadsheet applications like Microsoft Excel can trigger Dynamic Data Exchange (DDE), potentially leading to arbitrary code execution on the administrator's workstation.
Critical Impact
Attackers can inject malicious formula payloads into chat conversations that, when exported by administrators, can execute arbitrary commands on their workstations via DDE exploitation in spreadsheet applications.
Affected Products
- MaxKB versions 2.7.1 and below
- MaxKB chat export functionality via /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export
Discovery Timeline
- 2026-04-14 - CVE-2026-39424 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-39424
Vulnerability Analysis
This vulnerability represents an Improper Neutralization of Formula Elements in a CSV File, classified under CWE-1236. The issue is particularly significant because it is a variant of CVE-2025-4546, which addressed the same vulnerability pattern in apps/dataset/serializers/document_serializers.py but failed to remediate the application chat export sink.
The vulnerable endpoint /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export allows authenticated administrators to export chat history data to Excel format. When processing user-supplied chat content, the application writes strings directly to the spreadsheet without checking for formula-triggering characters such as =, +, -, @, \t, or \r.
Root Cause
The root cause stems from insufficient input sanitization in the chat export functionality. While the developers patched a similar vulnerability in document serializers (CVE-2025-4546), they overlooked the parallel code path handling application chat exports. The export function writes raw cell content to Excel files without prefixing formula characters or escaping potentially dangerous strings, allowing injected formula payloads to remain intact in the exported document.
Attack Vector
The attack requires an adversary to inject a malicious payload into a chat conversation that will later be exported by an administrator. The attack flow proceeds as follows:
- An attacker submits a chat message containing a formula injection payload (e.g., =cmd|'/C calc'!A0 for DDE exploitation)
- An administrator exports the chat history through the administrative interface
- The exported .xlsx file contains the unescaped malicious formula
- When the administrator opens the file in Microsoft Excel (or similar spreadsheet software), they may be prompted to enable external data connections
- If the administrator accepts the prompt, the injected command executes on their workstation
This attack leverages Dynamic Data Exchange (DDE), a Windows feature that allows applications to exchange data. While modern versions of Excel include warnings before executing DDE commands, social engineering can convince users to bypass these protections.
Detection Methods for CVE-2026-39424
Indicators of Compromise
- Presence of chat messages containing formula-triggering characters (=, +, -, @) followed by suspicious command strings
- Unusual outbound network connections or process executions following the opening of exported Excel files
- Chat entries with DDE payload patterns such as =cmd| or =MSEXCEL|
Detection Strategies
- Monitor the /admin/api/workspace/{workspace_id}/application/{application_id}/chat/export endpoint for frequent export requests
- Implement content filtering rules to detect formula injection patterns in chat messages before storage
- Deploy endpoint detection and response (EDR) solutions to identify suspicious child processes spawned by spreadsheet applications
Monitoring Recommendations
- Enable audit logging for all administrative export operations in MaxKB
- Configure alerts for chat messages containing known formula injection patterns
- Monitor administrator workstations for unexpected process execution following spreadsheet file operations
How to Mitigate CVE-2026-39424
Immediate Actions Required
- Upgrade MaxKB to version 2.8.0 or later immediately
- Review existing chat history for potential malicious formula injections before exporting
- Educate administrators about the risks of enabling external data connections when opening exported files
Patch Information
The vulnerability has been fixed in MaxKB version 2.8.0. The fix is available in GitHub commit 24cd68a. Organizations should update to the latest version by downloading from the official release v2.8.0.
For detailed vulnerability information, refer to the GitHub Security Advisory GHSA-rr4r-7cj2-29vp.
Workarounds
- If immediate patching is not possible, disable or restrict access to the chat export functionality until the update can be applied
- Implement input validation at the application layer to sanitize formula characters by prefixing cells with a single quote (')
- Configure Microsoft Excel to disable DDE by default across the organization via Group Policy
- Open exported files in applications that do not support DDE execution, such as LibreOffice Calc with macros disabled
# Disable DDE in Microsoft Excel via registry (Windows)
# 16.0 is the Office 2016 and later hive; the key is per-user (HKCU), so it must be set for each administrator account.
# WorkbookLinkWarnings = 2 disables automatic update of workbook links, which is the setting Microsoft documents for turning off DDE in Excel.
reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security" /v WorkbookLinkWarnings /t REG_DWORD /d 2 /f
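As an added example (not MaxKB's own code and not the fix in the commit referenced above), the following Python applies the single-quote prefix workaround at the export sink and runs the IoC patterns from the detection section over stored chat messages; the function names and the sample rows are constructed for illustration.

```python
"""Added example (not MaxKB's own code): neutralise formula-triggering values
before they are written to an exported spreadsheet, and flag stored chat
messages that look like formula/DDE injection. Sample data is constructed."""
import re

# Leading characters that make Excel treat a cell as a formula (the set listed
# in the advisory above); \t and \r can also break a value out of a CSV cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# High-confidence DDE shape from the IoC list above: formula start plus a pipe
# (=cmd|, =MSEXCEL|). Anything else starting with a trigger is low-confidence.
DDE_PATTERN = re.compile(r"^[=+\-@].*\|")

def is_formula_like(value) -> bool:
    """True if a spreadsheet would evaluate this value instead of showing it."""
    return isinstance(value, str) and value[:1] in FORMULA_TRIGGERS

def sanitize_cell(value):
    """Return a value that is safe to write to a cell.

    Non-strings pass through untouched (a numeric -1 stays a number). Strings
    that start with a trigger get the single-quote prefix the workaround above
    describes, so Excel stores them as literal text; the quote stays visible,
    which is the accepted cost of this approach.
    """
    if is_formula_like(value):
        return "'" + value
    return value

def sanitize_export_rows(rows):
    """Apply sanitize_cell to every field of every row before export."""
    return [{k: sanitize_cell(v) for k, v in row.items()} for row in rows]

def classify(message: str) -> str:
    """'dde' for DDE-style payloads (alert), 'formula' for anything a sheet
    would evaluate (review), 'text' otherwise."""
    if DDE_PATTERN.search(message):
        return "dde"
    if is_formula_like(message):
        return "formula"
    return "text"

# Constructed chat-history rows; the first reuses the payload quoted above.
SAMPLE_CHAT = [
    {"user": "alice", "message": "=cmd|'/C calc'!A0"},
    {"user": "bob", "message": "-1 is the expected result"},
    {"user": "carol", "message": "Hello, world"},
]
```

Messages classified as "formula" include benign text that merely starts with a minus or plus sign, so that tier is for review queues rather than paging.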
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.