CVE-2026-45412 | 1Panel-dev MaxKB up to 2.9.0 URL Validation work_flow_template.downloadUrl server-side request forgery (GHSA-x9g5-j56j-4mfj)

A vulnerability, which was classified as critical, has been found in 1Panel-dev MaxKB up to 2.9.0. Impacted is the function work_flow_template.downloadUrl of the component URL Validation Handler. This manipulation causes server-side request forgery.

This vulnerability is handled as CVE-2026-45412. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More