CVE-2026-42335 Overview
CVE-2026-42335 is a Server-Side Request Forgery (SSRF) bypass [CWE-918] affecting MaxKB, an open-source AI assistant for enterprise environments. The flaw exists in the OSS file service URL fetch endpoint at chat/api/oss/get_url. MaxKB versions 2.8.0 and prior are vulnerable. An authenticated low-privilege attacker can bypass URL validation to reach internal network services. Maintainers fixed the issue in MaxKB version 2.8.1.
Critical Impact
Authenticated attackers can bypass SSRF protections in MaxKB to access internal network services through the OSS file service URL fetch endpoint.
Affected Products
- MaxKB version 2.8.0 and all earlier versions
- Fixed in MaxKB version 2.8.1
Discovery Timeline
- 2026-05-26 - CVE-2026-42335 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-42335
Vulnerability Analysis
The vulnerability is a Server-Side Request Forgery (SSRF) bypass in the MaxKB OSS file service. The affected endpoint chat/api/oss/get_url accepts a URL parameter and fetches the referenced resource server-side. MaxKB validates the supplied URL using Python's urlparse function and then passes the same raw string to the requests HTTP client (which parses it again with urllib3's own URL parser) for retrieval. Any URL that the two parsers interpret differently therefore passes the hostname check yet causes a connection to a different host, which lets an attacker reach internal-only network services. The endpoint requires authentication, but only at a low privilege level, so any user with a valid account can attempt the attack. Successful exploitation enables reconnaissance of internal infrastructure and interaction with services that are not exposed to the public network.
Root Cause
The root cause is a parser differential between urlparse and the requests library. The validation function interprets a crafted URL as pointing to an allowed external host. The downstream HTTP client interprets the same URL differently and issues a request to an internal target. Because the check and the fetch operate on the same unmodified string but through different parsers, this parser confusion defeats the host allowlist check intended to block SSRF attempts.
Attack Vector
The attack is performed over the network against an authenticated session. The attacker submits a malformed or ambiguous URL to the chat/api/oss/get_url endpoint. The URL is crafted so that urlparse extracts a benign hostname while requests resolves and contacts an internal host. The server then issues the request from its own network position, allowing the attacker to reach metadata services, internal APIs, or other non-public endpoints. See the GitHub Security Advisory GHSA-r8hf-mwwr-hxgc for technical details on the specific parser inconsistency exploited.
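The following is an added example, not MaxKB's code and not the specific payload from the advisory: it shows the validate-with-one-parser, fetch-with-another shape described above beside a hardened check that returns a URL rebuilt only from the components it actually validated, so the downstream client never sees the raw attacker string. The allowlist, function names and the fake resolver are assumptions for illustration.

```python
"""Added example, not MaxKB's code: the urlparse-validate / requests-fetch anti-pattern
behind CVE-2026-42335 beside a hardened check.  ALLOWED_HOSTS, the function names and
the fake resolver used in the demo are assumptions for illustration."""
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

ALLOWED_HOSTS = {"files.example.com"}        # assumed OSS host allowlist


def vulnerable_check(url):
    """Vulnerable shape: only the hostname urlsplit sees is compared with the allowlist.
    The raw `url` is then handed unchanged to a second HTTP client (requests), whose own
    parser decides where the connection really goes; nothing re-checks its view."""
    return urlsplit(url).hostname in ALLOWED_HOSTS


class UnsafeURL(ValueError):
    """Raised by canonical_fetch_url for anything the fetcher must not touch."""


def _system_resolve(host):
    """Real DNS lookup (all A/AAAA answers).  Tests and the demo inject a fake instead."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def canonical_fetch_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=_system_resolve):
    """Validate once and return a canonical URL rebuilt from the validated components.
    Userinfo, fragments, backslashes, control characters and case differences, the usual
    raw material for parser differentials, never reach the downstream client."""
    if any(c.isspace() or c == "\\" or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        raise UnsafeURL("whitespace, backslash or control character in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL("scheme %r not allowed" % parts.scheme)
    if "@" in parts.netloc:                       # userinfo is a classic ambiguity source
        raise UnsafeURL("userinfo not allowed")
    host = parts.hostname                         # lower-cased by urlsplit
    if not host or not host.isascii() or host not in allowed_hosts:
        raise UnsafeURL("host %r not in allowlist" % host)
    try:
        port = parts.port                         # ValueError on junk or out-of-range ports
    except ValueError as exc:
        raise UnsafeURL("invalid port") from exc
    for addr in resolve(host):                    # check every answer, not just the first
        if not ipaddress.ip_address(addr).is_global:
            raise UnsafeURL("%s resolves to non-global address %s" % (host, addr))
    netloc = host if port is None else "%s:%d" % (host, port)
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def rejection_reason(url, **kwargs):
    """Convenience wrapper: the UnsafeURL message, or None when the URL is accepted."""
    try:
        canonical_fetch_url(url, **kwargs)
        return None
    except UnsafeURL as exc:
        return str(exc)


if __name__ == "__main__":
    fake_dns = lambda host: {"93.184.216.34"}    # constructed: allowlisted host resolves externally
    for candidate in (
        "http://files.example.com/report.pdf",
        "HTTP://Files.Example.com:8443/a?b=1#@10.0.0.1",   # fragment is dropped on rebuild
        "http://files.example.com@10.0.0.1/",               # userinfo smuggling
        "http://files.example.com\\@10.0.0.1/",             # backslash in authority
        "file:///etc/passwd",
    ):
        verdict = rejection_reason(candidate, resolve=fake_dns)
        print("%-50s naive=%-5s hardened=%s" % (candidate, vulnerable_check(candidate),
              verdict or canonical_fetch_url(candidate, resolve=fake_dns)))
```

Two residual risks remain even with this check and are worth stating: a DNS answer can change between validation and connection (rebinding), and an allowed external host can redirect to an internal one. The robust fix for both is to make the HTTP client connect to the address that was validated (pinning the resolved IP and sending the hostname in the Host header) and to disable redirects or re-run the check on every hop.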
Detection Methods for CVE-2026-42335
Indicators of Compromise
- Requests to chat/api/oss/get_url containing URLs with unusual characters, embedded credentials, or IPv6 formats that differ from typical OSS file URLs.
- Outbound HTTP requests originating from the MaxKB application server to internal or non-routable ranges such as 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, 169.254.169.254 (and the rest of 169.254.0.0/16), or their IPv6 counterparts (::1, fc00::/7, fe80::/10).
- Application logs showing successful URL validation followed by HTTP requests to hosts that do not match the validated hostname.
Detection Strategies
- Inspect web access logs for POST or GET requests to the chat/api/oss/get_url endpoint and correlate them with subsequent egress traffic from the MaxKB host.
- Alert on any MaxKB server connection to cloud metadata endpoints, link-local addresses, or RFC1918 ranges that are not part of normal application behavior.
- Compare the hostname submitted in the request body with the destination of the outbound connection to identify parser differential exploitation.
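The indicators and strategies above, run as code over constructed sample logs: an added example that is not part of the advisory and not MaxKB's logging. The access and egress log formats, field names, the MaxKB host address 10.20.0.7 and the expected-resolution table are assumptions; in practice the inputs would be the reverse proxy or WAF access log, a flow or conntrack log, and DNS query logs.

```python
"""Added example, not part of the advisory or of MaxKB: correlate get_url requests with
egress connections and flag parser-confusion indicators, egress to non-global addresses,
and egress that does not match the validated hostname.  Formats and data are constructed."""
import ipaddress
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample data.  10.20.0.7 is the MaxKB host, files.example.com the legitimate
# OSS endpoint.  bob smuggles the metadata service behind '@' (sent as %40); carol's request
# looks clean in the access log, but the server then connected somewhere internal.
ACCESS_LOG = """\
2026-05-27T10:00:01Z user=alice GET /chat/api/oss/get_url?url=http://files.example.com/q1.pdf
2026-05-27T10:00:02Z user=bob GET /chat/api/oss/get_url?url=http://files.example.com%40169.254.169.254/latest/meta-data/
2026-05-27T10:00:05Z user=carol GET /chat/api/oss/get_url?url=http://files.example.com/ok.pdf
"""
EGRESS_LOG = """\
2026-05-27T10:00:01Z src=10.20.0.7 dst=93.184.216.34 dport=80
2026-05-27T10:00:02Z src=10.20.0.7 dst=169.254.169.254 dport=80
2026-05-27T10:00:05Z src=10.20.0.7 dst=10.0.3.9 dport=80
"""
EXPECTED_RESOLUTION = {"files.example.com": {"93.184.216.34"}}   # assumed, from DNS logs

ACCESS_RE = re.compile(r"^(\S+) user=(\S+) (?:GET|POST) (\S*?/chat/api/oss/get_url)\?(\S+)$")
EGRESS_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_access(text):
    """Yield (timestamp, user, decoded url parameter) for get_url requests."""
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            url = parse_qs(m.group(4)).get("url", [""])[0]   # parse_qs decodes %40 -> '@'
            yield datetime.strptime(m.group(1), TS_FMT), m.group(2), url


def parse_egress(text):
    """Yield (timestamp, destination ip) for outbound connections from the MaxKB host."""
    for line in text.splitlines():
        m = EGRESS_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), TS_FMT), m.group(3)


def url_indicators(url):
    """Static indicators of a parser-confusion attempt in the submitted URL.
    Returns (hostname as urlsplit sees it, list of reasons)."""
    reasons = []
    if any(c.isspace() or c == "\\" or ord(c) < 0x20 for c in url):
        reasons.append("whitespace, backslash or control character in URL")
    parts = urlsplit(url)
    if "@" in parts.netloc:
        reasons.append("userinfo ('@') in URL authority")
    host = parts.hostname or ""
    try:
        if not ipaddress.ip_address(host).is_global:     # IPv4 or IPv6 literal
            reasons.append("submitted host %s is not a global address" % host)
    except ValueError:
        pass                                             # a name, not an IP literal
    return host, reasons


def analyze_logs(access_text, egress_text, expected, window=timedelta(seconds=1)):
    """Pair each get_url request with the first unconsumed egress connection in
    [t, t + window) and report requests that show static indicators, egress to a
    non-global address, or egress that disagrees with the validated hostname.
    Time-window pairing is a simplification; prefer request IDs or conntrack where available."""
    egress = list(parse_egress(egress_text))
    consumed = set()
    findings = []
    for ts, user, url in parse_access(access_text):
        host, reasons = url_indicators(url)
        for i, (ets, dst) in enumerate(egress):
            if i in consumed or not (ts <= ets < ts + window):
                continue
            consumed.add(i)
            if not ipaddress.ip_address(dst).is_global:
                reasons.append("egress to non-global address %s" % dst)
            if host in expected and dst not in expected[host]:
                reasons.append("egress %s does not match expected resolution of %s" % (dst, host))
            break
        if reasons:
            findings.append({"user": user, "url": url, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_logs(ACCESS_LOG, EGRESS_LOG, EXPECTED_RESOLUTION):
        print(finding["user"], finding["url"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Carol's case is the one that matters for this CVE: the submitted URL carries no suspicious characters at all, and only the mismatch between the hostname that passed validation and the address the server actually connected to reveals the parser differential. Alerting on that mismatch, rather than only on odd-looking URLs, is what catches a bypass whose exact encoding you do not yet know.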
Monitoring Recommendations
- Enable detailed request logging on the MaxKB application and forward logs to a centralized analytics platform for retention and search.
- Monitor authenticated user activity for accounts issuing high volumes of URL fetch requests, especially to varied or encoded hostnames.
- Track DNS resolution from the MaxKB server and flag lookups for internal-only domains or cloud provider metadata hostnames.
How to Mitigate CVE-2026-42335
Immediate Actions Required
- Upgrade MaxKB to version 2.8.1 or later, which contains the fix for the SSRF bypass.
- Audit existing user accounts and revoke access for unused or untrusted low-privilege users who can reach the OSS file service endpoint.
- Review recent access logs for the chat/api/oss/get_url endpoint to identify any prior exploitation attempts.
Patch Information
The vulnerability is fixed in MaxKB version 2.8.1. The patch resolves the parser differential between urlparse validation and the requests HTTP client. Refer to the MaxKB GitHub Security Advisory for full release information and upgrade instructions.
Workarounds
- Place the MaxKB application behind an egress firewall that blocks outbound connections to internal IP ranges and cloud metadata endpoints, while explicitly allowing the internal dependencies the deployment itself needs (database, vector store, model endpoints). Note that host-level egress filtering does not stop requests to services listening on the MaxKB host itself (127.0.0.1), and that in a container deployment the rules must apply to the container's network namespace or to the Docker forwarding chain, not only to the host's OUTPUT chain.
- Restrict network reachability from the MaxKB server to only the external OSS endpoints required for normal operation.
- Disable or proxy the OSS file service URL fetch functionality until the upgrade to version 2.8.1 can be completed. A forward proxy is the more reliable workaround, because the proxy can enforce the allowlist and resolve names on a box that has no route to internal services at all.
# Configuration example: restrict egress from the MaxKB host using iptables (Linux host, not a container namespace).
# ACCEPT rules for internal services MaxKB itself needs (database, vector store, model endpoints) must be added BEFORE these DROPs; placeholder address and port:
iptables -A OUTPUT -d 10.1.2.3 -p tcp --dport 5432 -j ACCEPT
iptables -A OUTPUT -d 169.254.0.0/16 -j DROP   # link-local, includes the 169.254.169.254 cloud metadata service
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -d 100.64.0.0/10 -j DROP    # shared address space (RFC 6598), common for cloud-internal and NAT ranges
ip6tables -A OUTPUT -d fc00::/7 -j DROP        # IPv6 unique-local
ip6tables -A OUTPUT -d fe80::/10 -j DROP       # IPv6 link-local
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.