CVE-2026-42337
CVSS v4.0 severity:
MEDIUM
Type:
Not available / Other type
Publication date:
26/05/2026
Last modified:
27/05/2026
Description
MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are affected by a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The endpoint uses the application_id from the URL path without validating ownership, allowing attackers to perform operations under other applications' policies. This vulnerability is fixed in 2.8.1.
Impact
Base score 4.0
5.30
Severity 4.0
MEDIUM



