MaxKB Remote Command Execution Vulnerability in MCP Call
Vulnerability
A remote command execution vulnerability has been identified in MaxKB, an open-source AI assistant for enterprise, in versions prior to 1.10.9-lts and 2.0.0. The issue occurs during MCP calls, where remote command execution is possible.
Impact
Exploitation of this vulnerability allows an attacker to execute arbitrary commands on the server, potentially leading to unauthorized access or control over the system.
Reproduction
The vulnerability can be reproduced by sending a crafted request to the MCP endpoint that includes payloads designed to be executed as commands on the server. This can be done using a tool that allows for the manipulation of HTTP requests, such as Postman or a similar application. After the payload is executed, the response can be checked to confirm the execution of the command.
Remediation
Users can upgrade to MaxKB versions 1.10.9-lts or 2.0.0 to address this vulnerability. However, direct upgrades from version 1.10.x to 2.0.x are not currently supported. The MaxKB team plans to release a migration tool in September 2025.
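To check an inventory against the fixed releases named above, the following triage helper is an added example, not code from this advisory or from the MaxKB project. The accepted version-string format, the host names, the sample versions, the choice to propose 1.10.9-lts for every affected install, and the choice to flag suffixed 2.0.0 builds for manual review are assumptions.

```python
import re

# Fixed releases named in the advisory.
FIXED_LTS = (1, 10, 9)   # 1.10.9-lts
FIXED_V2 = (2, 0, 0)     # 2.0.0

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+.]?([0-9A-Za-z.-]+))?$")


def parse_version(text):
    """Return ((major, minor, patch), suffix) or None if the string is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3)), (m.group(4) or "").lower()


def triage(version_text):
    """Classify one MaxKB version string against the advisory's fixed releases."""
    parsed = parse_version(version_text)
    if parsed is None:
        return {"status": "unknown", "target": None}
    core, suffix = parsed
    if core[0] >= 2:
        # Assumption: a 2.0.0 build carrying a suffix (e.g. a pre-release tag) may
        # predate the fixed 2.0.0 release, so flag it for manual review.
        if core == FIXED_V2 and suffix:
            return {"status": "review", "target": "2.0.0"}
        return {"status": "fixed", "target": None}
    if core >= FIXED_LTS:
        return {"status": "fixed", "target": None}
    # Affected install: the example proposes the LTS line (an assumption), because
    # the advisory says direct 1.10.x -> 2.0.x upgrades are not supported yet.
    return {"status": "affected", "target": "1.10.9-lts"}


def triage_inventory(inventory):
    """Map {host: version string} to {host: triage result}."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are illustrative.
    sample = {"kb-prod": "v1.10.8-lts", "kb-stage": "1.10.9-lts",
              "kb-lab": "v2.0.0", "kb-old": "1.9.1", "kb-x": "latest"}
    for host, result in triage_inventory(sample).items():
        print(f"{host:10} {result['status']:9} upgrade to: {result['target']}")
```

Version strings that do not parse are reported as `unknown` rather than assumed safe, so they can be checked by hand.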
