MaxKB CSV Injection Vulnerability in Chat Export Feature Allowing Arbitrary Code Execution

Vulnerability

A CSV injection vulnerability has been identified in the chat export feature of MaxKB, an open-source AI assistant for enterprise, in versions through 2.7.1. The vulnerability arises because the export function does not sanitize strings that begin with formula characters before writing them to an Excel file (.xlsx). Without this neutralization, user-supplied chat text is interpreted as a dynamic formula when the file is opened in a spreadsheet application such as Microsoft Excel, which can lead to arbitrary code execution on the administrator's workstation via Dynamic Data Exchange (DDE). The issue is a variant of CVE-2025-4546, whose fix addressed a similar vulnerability in a different export function but overlooked the chat export feature.
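The defensive counterpart to the missing step described above, as an added example that is not MaxKB's code: neutralize any cell whose first non-space character would make a spreadsheet treat it as a formula, and audit an existing export for cells that were left unneutralized. The sample chat rows and the unsafe export text are constructed for the example.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice parse a cell as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r", "\n")


def is_formula_like(value: str) -> bool:
    """True if the cell would be evaluated as a formula when the file is opened.
    Leading spaces are ignored so that ' =1+1' is still caught."""
    return value.lstrip(" ").startswith(FORMULA_PREFIXES)


def neutralize_cell(value):
    """Prefix a single quote so the spreadsheet stores the cell as literal text.
    Non-string values (numbers, None) pass through unchanged. Strings such as
    '-5' are also quoted; that is the accepted trade-off of this defence."""
    if not isinstance(value, str) or not is_formula_like(value):
        return value
    return "'" + value


def export_rows(rows):
    """Serialize chat rows to CSV text with every untrusted cell neutralized."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def audit_csv(text):
    """Return (row, column) positions of cells in an existing CSV export that
    are still formula-like; useful for checking files produced before a fix."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                findings.append((r, c))
    return findings


# Constructed sample rows: a benign message and two formula-leading ones.
SAMPLE_ROWS = [
    ["user", "What is our refund policy?"],
    ["user", "=1+1"],
    ["user", "  -2+3"],
]

# Constructed unsafe export, as a vulnerable exporter would have written it.
UNSAFE_CSV = "user,What is our refund policy?\nuser,=1+1\n"
```

Running `audit_csv(UNSAFE_CSV)` flags the second row, while `audit_csv(export_rows(SAMPLE_ROWS))` returns no findings because every formula-like cell now starts with a quote.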

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the administrator's workstation.

Reproduction

To reproduce this vulnerability, an administrator exports the application chat history to an Excel file through the chat export endpoint. The exported file contains unescaped strings that start with formula characters. When the file is opened in Microsoft Excel, those strings are evaluated as formulas, potentially leading to arbitrary code execution on the workstation.

Remediation

Users can upgrade to MaxKB version 2.8.0, where this vulnerability has been fixed.

Added: Apr 14, 2026, 1:19 AM
Updated: Apr 14, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.4
remediation: 0.0
relevance: 5.9
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.