Title
SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy
Summary
MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse validation function and the requests HTTP client, allowing attackers to access internal network services.
Affected products
Package: 1Panel-dev/MaxKB
Versions: ≤ 2.8.0
Patched version: 2.8.1
Details
MaxKB is an open-source AI-powered question-and-answer application.
A SSRF bypass vulnerability exists in the /chat/api/oss/get_url endpoint of the OSS module. The application uses urlparse to validate and check the target host, while the actual HTTP request is sent using the requests library. These two components interpret malformed URLs containing backslashes and @ characters differently.
urlparse parses http://127.0.0.1:6666\\@1.1.1.1 and identifies the host as 1.1.1.1 (public IP, passing security checks).
requests parses the same URL and connects to 127.0.0.1:6666 (internal IP).
An authenticated attacker can exploit this discrepancy to bypass SSRF protection and access internal network resources.
Patches
Update MaxKB to version 2.8.1 or apply the official fix commit. The fix unifies URL parsing logic between the validator and request client to prevent interpretation mismatches.
Title
SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy
Summary
MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse validation function and the requests HTTP client, allowing attackers to access internal network services.
Affected products
Package: 1Panel-dev/MaxKB
Versions: ≤ 2.8.0
Patched version: 2.8.1
Details
MaxKB is an open-source AI-powered question-and-answer application.
A SSRF bypass vulnerability exists in the /chat/api/oss/get_url endpoint of the OSS module. The application uses urlparse to validate and check the target host, while the actual HTTP request is sent using the requests library. These two components interpret malformed URLs containing backslashes and @ characters differently.
urlparse parses http://127.0.0.1:6666\\@1.1.1.1 and identifies the host as 1.1.1.1 (public IP, passing security checks).
requests parses the same URL and connects to 127.0.0.1:6666 (internal IP).
An authenticated attacker can exploit this discrepancy to bypass SSRF protection and access internal network resources.
Patches
Update MaxKB to version 2.8.1 or apply the official fix commit. The fix unifies URL parsing logic between the validator and request client to prevent interpretation mismatches.