Skip to content

SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy

High
baixin513 published GHSA-r8hf-mwwr-hxgc May 6, 2026

Package

MaxKB

Affected versions

<=v2.8.0

Patched versions

v2.8.1

Description

Title

SSRF Bypass in MaxKB OSS URL Fetch due to URL Parsing Discrepancy

Summary

MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch endpoint. The vulnerability exists due to inconsistent URL parsing between the urlparse validation function and the requests HTTP client, allowing attackers to access internal network services.

Affected products

Package: 1Panel-dev/MaxKB
Versions: ≤ 2.8.0
Patched version: 2.8.1

Details

MaxKB is an open-source AI-powered question-and-answer application.
A SSRF bypass vulnerability exists in the /chat/api/oss/get_url endpoint of the OSS module. The application uses urlparse to validate and check the target host, while the actual HTTP request is sent using the requests library. These two components interpret malformed URLs containing backslashes and @ characters differently.
urlparse parses http://127.0.0.1:6666\\@1.1.1.1 and identifies the host as 1.1.1.1 (public IP, passing security checks).
requests parses the same URL and connects to 127.0.0.1:6666 (internal IP).
An authenticated attacker can exploit this discrepancy to bypass SSRF protection and access internal network resources.
Patches
Update MaxKB to version 2.8.1 or apply the official fix commit. The fix unifies URL parsing logic between the validator and request client to prevent interpretation mismatches.

Severity

High

CVE ID

CVE-2026-42335

Weaknesses

No CWEs

Credits