CVE-2026-44847— MaxKB: Webhook Trigger Authentication Bypass
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| 1Panel-dev | MaxKB | < 2.9.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44847
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MaxKB: Webhook Trigger Authentication Bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which Django REST Framework interprets as successful authentication. Combined with optional per-trigger token verification and no backend enforcement of token requirements, any unauthenticated attacker who knows a valid trigger ID can invoke webhook triggers to execute their bound tasks. This vulnerability is fixed in 2.9.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| 1Panel-dev | MaxKB | < 2.9.0 | - |
II. Public POCs for CVE-2026-44847
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 10224 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-44847
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44847 (2)
Same Patch Batch · 1Panel-dev · 2026-05-26 · 6 CVEs total
| CVE-2026-42337 | MaxKB: Broken Access Control in MaxKB OSS URL Fetch API | |
| CVE-2026-42336 | MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch | |
| CVE-2026-42335 | MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy | |
| CVE-2026-45412 | MaxKB: Unauthenticated SSRF via Workflow Template Import | |
| CVE-2026-45413 | MaxKB: Unsalted MD5 Password Hashing |
IV. Related Vulnerabilities
Same product: MaxKB
- CVE-2026-42336
MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch - CVE-2026-42337
MaxKB: Broken Access Control in MaxKB OSS URL Fetch API - CVE-2026-45412
MaxKB: Unauthenticated SSRF via Workflow Template Import - CVE-2026-45413
MaxKB: Unsalted MD5 Password Hashing - CVE-2026-42335
MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing
Same vendor: 1Panel-dev
- CVE-2026-42336
MaxKB: SSRF Bypass via DNS Rebinding in MaxKB OSS URL Fetch - CVE-2026-42337
MaxKB: Broken Access Control in MaxKB OSS URL Fetch API - CVE-2026-45412
MaxKB: Unauthenticated SSRF via Workflow Template Import - CVE-2026-45413
MaxKB: Unsalted MD5 Password Hashing - CVE-2026-42335
MaxKB: SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing
Same weakness: CWE-287
- CVE-2026-44720
OpenLearnX: Critical Authentication Bypass via JWT Signature - CVE-2026-47272
pam_usb: OTP pad authentication bypass via missing system pa - CVE-2026-7876
Authentication bypass vulnerability found in Aspera High-Spe - CVE-2026-8994
Login with NEAR <= 0.3.3 - Authentication Bypass via 'accoun - CVE-2026-47202
Kavita: Pre-Auth Account Takeover
V. Comments for CVE-2026-44847
No comments yet