CVE-2026-6107
Description
A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. Upgrading to version 2.8.0 is capable of addressing this issue. Patch name: 026a2d623e2aa5efa67c4834651e79d5d7cab1da. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MaxKB ≤2.6.1 has a stored XSS where authenticated attackers can inject JavaScript via application name/icon fields, executed when victims access the public chat interface.
Vulnerability
Overview
A stored cross-site scripting (XSS) vulnerability exists in MaxKB, an open-source enterprise agent platform, in versions up to and including 2.6.1. The flaw resides in the ChatHeadersMiddleware component within the file apps/common/middleware/chat_headers_middleware.py. When processing a request, the middleware constructs an HTML response that includes the application's name and icon values without proper HTML escaping. An attacker can control these values through the POST /api/application/ endpoint and set them to malicious JavaScript payloads. The name and icon parameters are not sanitized in the serialization code (apps/application/serializers/application.py), so they are injected directly into the HTTP response [2].
Exploitation
Conditions
Exploitation requires authentication to the MaxKB application, but no special privileges beyond a standard user account. The attacker creates or modifies an application, setting the name field to a payload such as `. When a victim subsequently accesses the public chat interface at /ui/chat/{access_token}, the server returns an HTML page where the ` tag is replaced with the unescaped malicious content. Because the middleware writes user-controlled data into the HTML document using string replacement without escaping, the victim’s browser parses the injected script and executes it [2]. The attack does not require any special network position; it is fully remote.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim's browser context, within the domain of the MaxKB application. This can lead to theft of session cookies, impersonation of the user, or exfiltration of sensitive data displayed on the page. Since the payload is stored on the server, any user visiting the affected chat page will trigger the script, making the vulnerability a stored (persistent) XSS. The CVSS v3 base score is 3.5, reflecting the requirement for authentication and the relatively low impact typical of client-side execution in a controlled environment [1].
Mitigation & Fix
The issue has been addressed in MaxKB version 2.8.0, released on 12 April 2026. The fix applies HTML escaping to the application_icon and application_name values within the ChatHeadersMiddleware before inserting them into the HTTP response. The official patch is identified by commit 026a2d623e2aa5efa67c4834651e79d5d7cab1da [1][4]. Users are strongly advised to upgrade to v2.8.0 or later. No workarounds have been published for earlier versions; the vendor was notified ahead of time and responded with a prompt fix [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <=2.6.1
Patches
No patches discovered yet.