CVE-2026-39426: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 1Panel-dev MaxKB
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitization and XSS filtering. The unsanitized HTML content is passed to the IframeRender.vue component, which renders it directly into an <iframe> via the srcdoc attribute configured with sandbox="allow-scripts allow-same-origin". This can be a dangerous combination, allowing injected scripts to escape the iframe and execute JavaScript in the parent window using window.parent. Since the Prologue is rendered for any user visiting an application's chat interface, this results in a high-impact Stored XSS that can lead to session hijacking, unauthorized actions, and sensitive data exposure. This issue has been fixed in version 2.8.0.
AI Analysis
Technical Summary
CVE-2026-39426 is a stored XSS vulnerability in MaxKB (versions < 2.8.0) where the MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations without proper sanitization. The unsanitized HTML is passed to IframeRender.vue, which renders it inside an iframe using the srcdoc attribute with sandbox="allow-scripts allow-same-origin". This sandbox configuration allows injected scripts to escape the iframe sandbox and execute JavaScript in the parent window via window.parent. Since the Prologue is rendered for all users visiting the chat interface, this vulnerability can lead to session hijacking, unauthorized actions, and sensitive data exposure.
Potential Impact
The vulnerability enables attackers to inject malicious scripts that execute in the context of the parent window for any user accessing the affected chat interface. This can result in session hijacking, unauthorized actions on behalf of the user, and exposure of sensitive information. The CVSS 4.0 score is 5.1 (medium severity), reflecting network attack vector, low complexity, no privileges required, and partial impact on confidentiality, integrity, and availability.
Mitigation Recommendations
This vulnerability is fixed in MaxKB version 2.8.0. Users and administrators should upgrade to version 2.8.0 or later to remediate this issue. No additional vendor advisory or patch links are provided, but the version upgrade is the official fix.
CVE-2026-39426: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in 1Panel-dev MaxKB
Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing standard Markdown sanitization and XSS filtering. The unsanitized HTML content is passed to the IframeRender.vue component, which renders it directly into an <iframe> via the srcdoc attribute configured with sandbox="allow-scripts allow-same-origin". This can be a dangerous combination, allowing injected scripts to escape the iframe and execute JavaScript in the parent window using window.parent. Since the Prologue is rendered for any user visiting an application's chat interface, this results in a high-impact Stored XSS that can lead to session hijacking, unauthorized actions, and sensitive data exposure. This issue has been fixed in version 2.8.0.
CVSS v4.0
Score 5.1medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-39426 is a stored XSS vulnerability in MaxKB (versions < 2.8.0) where the MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations without proper sanitization. The unsanitized HTML is passed to IframeRender.vue, which renders it inside an iframe using the srcdoc attribute with sandbox="allow-scripts allow-same-origin". This sandbox configuration allows injected scripts to escape the iframe sandbox and execute JavaScript in the parent window via window.parent. Since the Prologue is rendered for all users visiting the chat interface, this vulnerability can lead to session hijacking, unauthorized actions, and sensitive data exposure.
Potential Impact
The vulnerability enables attackers to inject malicious scripts that execute in the context of the parent window for any user accessing the affected chat interface. This can result in session hijacking, unauthorized actions on behalf of the user, and exposure of sensitive information. The CVSS 4.0 score is 5.1 (medium severity), reflecting network attack vector, low complexity, no privileges required, and partial impact on confidentiality, integrity, and availability.
Mitigation Recommendations
This vulnerability is fixed in MaxKB version 2.8.0. Users and administrators should upgrade to version 2.8.0 or later to remediate this issue. No additional vendor advisory or patch links are provided, but the version upgrade is the official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-07T00:23:30.596Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dd9c8b82d89c981fa1192c
Added to database: 4/14/2026, 1:46:51 AM
Last enriched: 4/21/2026, 5:58:43 AM
Last updated: 5/28/2026, 11:01:20 PM
Views: 69
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.