CVE-2026-42337 Overview
CVE-2026-42337 is a broken access control vulnerability in MaxKB, an open-source AI assistant for enterprise. The flaw exists in the Object Storage Service (OSS) file URL fetch API endpoint chat/api/oss/get_url. The endpoint accepts an application_id parameter from the URL path without verifying that the authenticated user owns the referenced application. Authenticated attackers can invoke operations governed by another application's policies. MaxKB versions 2.8.0 and prior are affected, and the issue is resolved in version 2.8.1. The weakness is classified under CWE-862: Missing Authorization.
Critical Impact
Authenticated users can bypass tenant boundaries and perform OSS file operations under arbitrary applications' policies, breaking multi-tenant isolation in MaxKB deployments.
Affected Products
- MaxKB 2.8.0
- MaxKB versions prior to 2.8.0
- 1Panel-dev MaxKB open-source AI assistant deployments
Discovery Timeline
- 2026-05-26 - CVE-2026-42337 published to NVD
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2026-42337
Vulnerability Analysis
MaxKB exposes an OSS file URL fetch endpoint at chat/api/oss/get_url. The handler reads the application_id value directly from the request path and uses it to scope the file operation. The endpoint does not validate whether the authenticated caller owns or is associated with that application. An authenticated attacker can substitute another tenant's application_id and execute file URL fetch operations under that application's policy context.
The issue is a server-side authorization defect rather than a client-side restriction failure. Because the trust decision relies on a path parameter the client controls, any caller with a valid session can pivot across applications. This breaks the access isolation MaxKB enforces elsewhere in the platform.
Root Cause
The root cause is missing authorization enforcement [CWE-862]. The get_url handler trusts the path-supplied application_id for scoping but performs no ownership check against the session principal. Authorization logic must reject requests where the caller is not entitled to act on the requested application.
Attack Vector
Exploitation requires network access to the MaxKB API and a valid low-privilege account. The attacker issues a request to chat/api/oss/get_url while substituting the application_id path component with the identifier of a targeted application. The server processes the request under that application's policies, exposing file URL fetch behavior outside the attacker's intended scope. No user interaction is required beyond authenticated API access.
No public proof-of-concept code is referenced in the advisory. The technical details are documented in the MaxKB GitHub Security Advisory GHSA-2jmj-gwvg-3gp2.
Detection Methods for CVE-2026-42337
Indicators of Compromise
- Requests to chat/api/oss/get_url where the application_id path component does not match an application owned by the authenticated session principal.
- Repeated enumeration patterns iterating through sequential or random application_id values from a single account or source IP.
- OSS file URL fetch operations recorded against applications that the requesting user has no prior interaction history with.
Detection Strategies
- Correlate API access logs with application ownership records to flag cross-tenant application_id access on the OSS endpoint.
- Baseline normal per-user application access patterns and alert on access to unfamiliar application identifiers.
- Monitor for HTTP 200 responses on get_url calls where the session user lacks an authorization grant to the referenced application in the database.
Monitoring Recommendations
- Enable verbose API access logging on the MaxKB application server, capturing authenticated user ID, source IP, and full request path.
- Forward MaxKB logs to a centralized SIEM and build queries that join request paths with the application ownership table.
- Alert on high-volume access to chat/api/oss/get_url from a single account within short time windows.
How to Mitigate CVE-2026-42337
Immediate Actions Required
- Upgrade MaxKB to version 2.8.1 or later, which contains the authorization fix for the OSS file URL fetch endpoint.
- Audit recent API logs for cross-application requests against chat/api/oss/get_url and investigate anomalous activity.
- Rotate any sensitive OSS objects or signed URLs that may have been retrieved through the vulnerable endpoint.
Patch Information
The vulnerability is fixed in MaxKB 2.8.1. Refer to the GitHub Security Advisory GHSA-2jmj-gwvg-3gp2 for the official advisory and patch details. Operators running MaxKB 2.8.0 or earlier should plan an upgrade as soon as possible.
Workarounds
- Restrict network access to the MaxKB API to trusted users and internal networks until the upgrade is applied.
- Place an API gateway or reverse proxy in front of MaxKB that validates the requesting user's entitlement to the application_id in the request path.
- Reduce the privilege level and account count for the MaxKB instance, limiting the population of users able to invoke the vulnerable endpoint.
# Upgrade MaxKB to the patched release
docker pull 1panel/maxkb:v2.8.1
docker stop maxkb && docker rm maxkb
# Recreate the container using your existing volume and environment configuration
# referencing the 1panel/maxkb:v2.8.1 image
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
