CVE-2026-39422 | 1Panel-dev MaxKB up to 2.7.x Public Chat Interface /ui/chat/ name/icon cross site scripting (GHSA-wf7p-3jq5-q52w)

A vulnerability identified as problematic has been detected in 1Panel-dev MaxKB up to 2.7.x. This impacts an unknown function of the file /ui/chat/ of the component Public Chat Interface. This manipulation of the argument name/icon causes cross site scripting.

The identification of this vulnerability is CVE-2026-39422. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More