| Title | 1Panel-dev MaxKB <= v2.6.1 Remote Code Execution |
|---|---|
| Description | MaxKB is vulnerable to Remote Code Execution (RCE) due to improper validation placement in its Model Context Protocol (MCP) node implementation. Although the application implements a whitelist to restrict MCP transport types to safe values ('sse' and 'streamable_http'), this validation is only enforced on the tool-listing API endpoint. It is bypassed entirely during workflow application saving and execution. An authenticated user can inject arbitrary transport configurations (such as stdio with OS commands) via the application edit endpoint. When the workflow is subsequently triggered, the unsanitized configuration is passed directly to the MultiServerMCPClient, resulting in arbitrary shell command execution on the host server. |
| Source | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/30 |
| User | Ana10gy (UID 93358) |
| Submission | 03/18/2026 13:49 (25 days ago) |
| Moderation | 04/11/2026 09:35 (24 days later) |
| Status | Accepted |
| VulDB entry | 356968 [1Panel-dev MaxKB up to 2.6.1 Model Context Protocol Node base_mcp_node.py execute os command injection] |
| Points | 20 |
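
The description attributes the flaw to where the transport check runs, not to the check itself. The sketch below is an added example, not MaxKB's code: it applies one fail-closed validator on both the save path and the execution path. The function names, the `store` dict, the permitted key set and the server-map shape (server name mapped to an object with `transport` and `url`) are assumptions.

```python
import json
from urllib.parse import urlparse

ALLOWED_TRANSPORTS = {"sse", "streamable_http"}  # the two values the page names
ALLOWED_KEYS = {"transport", "url", "headers", "timeout"}  # assumed key set

# Constructed samples, not taken from the report.
SAFE = '{"docs": {"transport": "sse", "url": "https://mcp.example.internal/sse"}}'
STDIO = '{"x": {"transport": "stdio", "command": "placeholder", "args": []}}'


class McpConfigError(ValueError):
    """Raised when an MCP server map fails validation."""


def validate_mcp_servers(raw):
    """Parse and validate a server map; fail closed on anything unexpected."""
    try:
        servers = json.loads(raw) if isinstance(raw, (str, bytes)) else raw
    except ValueError as exc:  # covers JSONDecodeError and bad byte encodings
        raise McpConfigError(f"not valid JSON: {exc}") from exc
    if not isinstance(servers, dict) or not servers:
        raise McpConfigError("expected a non-empty object of server entries")
    for name, cfg in servers.items():
        if not isinstance(cfg, dict):
            raise McpConfigError(f"{name}: entry must be an object")
        transport = cfg.get("transport")
        if not isinstance(transport, str) or transport not in ALLOWED_TRANSPORTS:
            raise McpConfigError(f"{name}: transport {transport!r} not allowed")
        extra = set(cfg) - ALLOWED_KEYS
        if extra:  # e.g. a stray "command" next to an allowed transport
            raise McpConfigError(f"{name}: unexpected keys {sorted(extra)}")
        url = cfg.get("url")
        if not isinstance(url, str) or urlparse(url).scheme not in ("http", "https"):
            raise McpConfigError(f"{name}: url must be http(s)")
    return servers


def save_application(raw, store):
    """Write path: reject the configuration before it is persisted."""
    store["mcp_servers"] = validate_mcp_servers(raw)


def load_for_execution(store):
    """Execution path: re-validate at the sink, since stored data may
    predate the check or have been written by another code path."""
    return validate_mcp_servers(store.get("mcp_servers"))
```

Only the value returned by `load_for_execution` should reach the code that constructs the MCP client, so a record written before the check existed is still rejected at run time.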