Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-39425

CVE-2026-39425: MaxKB Stored XSS Vulnerability

CVE-2026-39425 is a stored cross-site scripting flaw in MaxKB that allows authenticated users to inject malicious code via the Application prologue field. This article covers technical details, affected versions, and mitigation.

Published:

CVE-2026-39425 Overview

CVE-2026-39425 is a Stored Cross-Site Scripting (XSS) vulnerability affecting MaxKB, an open-source AI assistant platform designed for enterprise environments. This vulnerability allows authenticated users to inject arbitrary HTML and JavaScript code into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <html_rander> tags. The backend fails to properly sanitize or encode HTML entities, storing raw payloads directly in the database. When victims access the affected chatbot interface, the frontend renders this malicious content using an innerHTML-equivalent mechanism, resulting in persistent DOM-based Stored XSS execution.

Critical Impact

Successful exploitation enables session hijacking, unauthorized actions on behalf of victims (including workspace and application deletion), and sensitive data exposure across all users accessing the compromised chatbot interface.

Affected Products

  • MaxKB versions 2.7.1 and below
  • MaxKB enterprise deployments with user-accessible chatbot interfaces
  • All MaxKB installations where authenticated users can create or modify applications

Discovery Timeline

  • April 14, 2026 - CVE-2026-39425 published to NVD
  • April 14, 2026 - Last updated in NVD database

Technical Details for CVE-2026-39425

Vulnerability Analysis

This vulnerability is classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page), representing a fundamental failure in input sanitization. The attack surface requires network access and authenticated user privileges, with passive user interaction needed when victims view the compromised chatbot interface.

The vulnerability affects the application management functionality within MaxKB's administrative interface. When applications are created or updated via the /admin/api/workspace/{workspace_id}/application endpoint, the prologue field content is stored without proper sanitization. The frontend then interprets <html_rander> tags as trusted content, rendering the payload directly into the DOM.

Root Cause

The root cause stems from insufficient input validation and output encoding in MaxKB's application management workflow. The backend accepts arbitrary HTML content within the prologue field without sanitizing dangerous elements or encoding HTML entities. Additionally, the frontend trusts content wrapped in <html_rander> tags, treating it as safe markup and rendering it using innerHTML-equivalent mechanisms without escaping. This dual failure—backend storage without sanitization and frontend rendering without encoding—creates a persistent XSS attack vector.

Attack Vector

The attack vector involves an authenticated user with application creation or modification privileges. The attacker crafts a malicious payload wrapped in <html_rander> tags and submits it as the prologue content when creating or updating an application through the workspace API endpoint. Once stored, any user who opens the affected chatbot interface will have the malicious JavaScript executed in their browser context. This enables the attacker to steal session tokens, perform actions on behalf of victims (such as deleting workspaces or applications), or exfiltrate sensitive data. The persistent nature of the vulnerability means it continues to affect all subsequent visitors until the malicious content is removed.

The vulnerability can be exploited by injecting malicious script payloads within <html_rander> tags in the application prologue field. When the affected chatbot interface is loaded by any user, the injected JavaScript executes in their browser context with full DOM access. See the GitHub Security Advisory GHSA-3rq5-pgm7-pvp4 for detailed technical information about the exploitation mechanism.

Detection Methods for CVE-2026-39425

Indicators of Compromise

  • Presence of <html_rander> tags containing <script> elements or JavaScript event handlers in application prologue fields
  • Unusual API calls to /admin/api/workspace/{workspace_id}/application endpoints with HTML-encoded or obfuscated payloads
  • Unexpected session token transmissions or data exfiltration to external domains from chatbot pages

Detection Strategies

  • Monitor application database entries for <html_rander> tags containing suspicious content such as script tags, event handlers (onclick, onerror, etc.), or JavaScript URIs
  • Implement Web Application Firewall (WAF) rules to detect and block XSS payload patterns in API requests targeting application management endpoints
  • Enable detailed logging for the /admin/api/workspace/{workspace_id}/application endpoint to capture and review prologue field modifications

Monitoring Recommendations

  • Establish baseline behavior for application modifications and alert on anomalous prologue content patterns
  • Deploy Content Security Policy (CSP) violation reporting to detect inline script execution attempts
  • Configure SIEM alerts for authentication events followed by rapid application API modifications

How to Mitigate CVE-2026-39425

Immediate Actions Required

  • Upgrade MaxKB to version 2.8.0 or later immediately to apply the security fix
  • Audit all existing application prologue fields for potentially malicious content and sanitize or remove suspicious entries
  • Review access logs for recent application modifications to identify potential compromise attempts

Patch Information

This vulnerability has been fixed in MaxKB version 2.8.0. Organizations should upgrade to this version or later to remediate the vulnerability. The fix implements proper input sanitization on the backend and secure rendering practices on the frontend. For detailed release information, refer to the GitHub Release v2.8.0.

Workarounds

  • Restrict application creation and modification privileges to trusted administrators only until the upgrade is applied
  • Implement a Content Security Policy (CSP) header with script-src 'self' to prevent inline script execution as a defense-in-depth measure
  • Deploy a Web Application Firewall rule to filter requests containing <html_rander> tags with embedded script content targeting the application API endpoints
bash
# Example Content Security Policy header configuration for nginx
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';" always;

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.