Unrated severityOSV Advisory· Published Dec 11, 2025· Updated Dec 18, 2025
MaxKB has a Python sandbox LD_PRELOAD bypass
CVE-2025-66446
Description
MaxKB is an open-source AI assistant for enterprise. Versions 2.3.1 and below have improper file permissions which allow attackers to overwrite the built-in dynamic linker and other critical files, potentially resulting in privilege escalation. This issue is fixed in version 2.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v0.9.0, v0.9.1, v1.0.0, …+ 1 more
- (no CPE)range: v0.9.0, v0.9.1, v1.0.0, …
- (no CPE)range: <=2.3.1
Patches
Vulnerability mechanics
References
2- github.com/1Panel-dev/MaxKB/releases/tag/v2.4.0mitrex_refsource_MISC
- github.com/1Panel-dev/MaxKB/security/advisories/GHSA-5xx2-3q9w-jpgfmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.