CVE-2026-39417: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in 1Panel-dev MaxKB
CVE-2026-39417 is an OS command injection vulnerability in 1Panel-dev MaxKB versions 2.7.1 and below. The vulnerability arises from an incomplete fix for a previous RCE issue (CVE-2025-53928), where the workflow engine's MCP node can still be manipulated via user-supplied JSON to inject arbitrary commands. Attackers can bypass the partial fix by omitting the mcp_source field or setting it to a non-referencing value, allowing them to inject a malicious MCP node configuration that executes commands when the workflow is triggered. This issue is resolved in version 2.8.0. The CVSS score is 4.6, indicating medium severity.
AI Analysis
Technical Summary
MaxKB versions prior to 2.8.0 contain an OS command injection vulnerability in the MCP node of the workflow engine due to incomplete remediation of CVE-2025-53928. The vulnerability exists because the else branch of the code, which loads mcp_servers directly from user-supplied JSON, remains unpatched. Since the mcp_source field is optional, attackers can bypass the referencing code path restriction by omitting or setting mcp_source to a non-referencing value. By sending a crafted JSON payload to the workflow creation API, an attacker can inject a malicious MCP node configuration with arbitrary commands and arguments, resulting in remote code execution when the workflow is triggered via chat. The vulnerability is fixed in MaxKB version 2.8.0.
Potential Impact
Successful exploitation allows an attacker with low privileges, and with user interaction required, to achieve remote code execution on the affected system by injecting arbitrary commands into the MCP node configuration of the workflow engine. This can lead to unauthorized command execution within the context of the application, potentially compromising system integrity and confidentiality. The CVSS score of 4.6 reflects a medium severity impact, with low confidentiality, integrity, and availability impact metrics.
Mitigation Recommendations
Upgrade MaxKB to version 2.8.0 or later, where this vulnerability has been fixed. Until the upgrade is applied, avoid exposing the workflow creation API to untrusted users or inputs. Patch status is confirmed fixed in version 2.8.0; no official temporary fixes are documented.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-07T00:23:30.595Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69dd877882d89c981f920dca
Added to database: 4/14/2026, 12:16:56 AM
Last enriched: 4/14/2026, 12:31:56 AM
Last updated: 4/14/2026, 10:41:12 AM