VYPR
Unrated severityOSV Advisory· Published Dec 11, 2025· Updated Dec 18, 2025

MaxKB has a Python sandbox LD_PRELOAD bypass

CVE-2025-66446

Description

MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1panel Dev/MaxkbOSV2 versions
    v0.9.0, v0.9.1, v1.0.0, …+ 1 more
    • (no CPE)range: v0.9.0, v0.9.1, v1.0.0, …
    • (no CPE)range: <=2.3.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.