CVE-2026-39425 | 1Panel-dev MaxKB up to 2.7.x Chatbot Interface /admin/api/workspace/ prologue cross site scripting (GHSA-3rq5-pgm7-pvp4)

A vulnerability was found in 1Panel-dev MaxKB up to 2.7.x. It has been classified as problematic. Impacted is an unknown function of the file /admin/api/workspace/ of the component Chatbot Interface. Performing a manipulation of the argument prologue results in basic cross site scripting.

This vulnerability is known as CVE-2026-39425. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More