1Panel-dev — Vulnerabilities & Security Advisories 44

Browse all 44 CVE security advisories affecting 1Panel-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.

1Panel-dev is an open-source, modern Linux server management tool designed to simplify the deployment and management of web applications through a graphical interface. Its architecture integrates containerization technologies, allowing users to manage databases, proxies, and monitoring services efficiently. Historically, the platform has been associated with forty-four recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation in API endpoints or improper access control mechanisms within the web interface. Notable incidents include critical RCE exploits that allowed unauthenticated attackers to gain full system control, highlighting risks inherent in complex management panels. While the project actively patches these issues, the high volume of past CVEs underscores the importance of rigorous security auditing for administrators relying on this tool for critical infrastructure management.

Top products by 1Panel-dev: MaxKB, 1Panel, KubePi

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing | MaxKB | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering | MaxKB | CWE-80 | 5.4 | - | 2026-04-14 |
| CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | MaxKB | CWE-74 | 3.1 | Low | 2026-04-14 |
| CVE-2026-39424 | MaxKB has CSV Injection in its Application Chat Export Functionality | MaxKB | CWE-1236 | 7.8 | - | 2026-04-14 |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component | MaxKB | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware | MaxKB | CWE-79 | 5.4 | - | 2026-04-14 |
| CVE-2026-39421 | MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect | MaxKB | CWE-693 | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39420 | MaxKB: Sandbox escape via LD_PRELOAD bypass | MaxKB | CWE-693 | 6.3 | Medium | 2026-04-14 |
| CVE-2026-39418 | MaxKB: SSRF via sandbox network hook bypass | MaxKB | CWE-918 | 5.0 | Medium | 2026-04-14 |
| CVE-2026-39417 | MaxKB: RCE via MCP stdio command injection in workflow engine | MaxKB | CWE-78 | 4.6 | Medium | 2026-04-14 |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting | MaxKB | CWE-79 | 3.5 | Low | 2026-04-13 |
| CVE-2026-6108 | 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection | MaxKB | CWE-78 | 6.3 | Medium | 2026-04-12 |
| CVE-2026-6107 | 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting | MaxKB | CWE-79 | 3.5 | Low | 2026-04-12 |
| CVE-2026-6106 | 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting | MaxKB | CWE-79 | 3.5 | Low | 2026-04-11 |
| CVE-2026-23525 | 1panel App Store vulnerable to Cross-site Scripting | 1Panel | CWE-79 | 6.4 | Medium | 2026-01-18 |
| CVE-2025-66446 | MaxKB has a Python sandbox LD_PRELOAD bypass | MaxKB | CWE-362 | 8.8 | High | 2025-12-11 |
| CVE-2025-66419 | MaxKB vulnerable to privilege escalation through sandbox bypass | MaxKB | CWE-362 | 8.8 | High | 2025-12-11 |
| CVE-2025-66508 | 1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers | 1Panel | CWE-290 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-66507 | 1Panel – CAPTCHA Bypass via Client-Controlled Flag | 1Panel | CWE-602 | 7.5 | High | 2025-12-09 |
| CVE-2025-64703 | MaxKB has Information Leak in sandbox | MaxKB | CWE-200 | 6.3 | Medium | 2025-11-13 |
| CVE-2025-64511 | MaxKB has SSRF in sandbox | MaxKB | CWE-918 | 7.4 | High | 2025-11-13 |
| CVE-2025-10433 | 1Panel-dev MaxKB debug deserialization | MaxKB | CWE-502 | 6.3 | Medium | 2025-09-15 |
| CVE-2025-54424 | 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution | 1Panel | CWE-77 | 8.1 | High | 2025-08-01 |
| CVE-2025-53928 | MaxKB has RCE in MCP call | MaxKB | CWE-94 | 4.6 | Medium | 2025-07-17 |
| CVE-2025-53927 | MaxKB sandbox bypass | MaxKB | CWE-94 | 4.6 | Medium | 2025-07-17 |
| CVE-2025-48950 | MaxKB Python Sandbox Bypass in Function Library | MaxKB | CWE-276 | 8.8 (AI) | High (AI) | 2025-06-03 |
| CVE-2025-4546 | 1Panel-dev MaxKB Knowledge Base Module csv injection | MaxKB | CWE-1236 | 4.7 | Medium | 2025-05-11 |
| CVE-2025-32383 | MaxKB has a reverse shell vulnerability in function library | MaxKB | CWE-94 | 4.3 | Medium | 2025-04-10 |
| CVE-2024-56137 | MaxKB RCE vulnerability in function library | MaxKB | CWE-78 | 6.8 | Medium | 2025-01-02 |
| CVE-2024-36111 | KubePi's JWT token validation has a defect | KubePi | CWE-1259 | 6.3 | Medium | 2024-07-25 |

This page lists every published CVE security advisory associated with 1Panel-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.