1Panel-dev MaxKB Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability exists in 1Panel-dev MaxKB versions through 2.6.1. The issue arises in the Model Context Protocol Node component, specifically within the 'execute' function of 'base_mcp_node.py'. The vulnerability is due to improper validation of MCP transport types, which allows authenticated users to inject arbitrary commands that are executed on the server.
Impact
Exploitation of this vulnerability allows authenticated users to execute arbitrary shell commands on the host server where MaxKB is running.
Reproduction
To reproduce this vulnerability, an authenticated user must create or edit an application workflow that includes an MCP node. The node's 'mcp_servers' parameter can be set to a payload that includes a command to be executed, such as the 'id' command. Once the workflow is saved, triggering it executes the injected command on the server.
Remediation
Users are advised to upgrade to the latest version of MaxKB, as the vendor has released a patch for this vulnerability.
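The kind of transport validation the advisory describes as missing can be sketched as follows; this is an added example, not MaxKB's code or the vendor's patch. It assumes 'mcp_servers' is a JSON object of named servers using the `transport`, `url`, `command` and `args` field names common in MCP client configurations; the allowlist values and the function name `audit_mcp_servers` are hypothetical.

```python
import json
from urllib.parse import urlparse

# Assumption: only network transports may be selected by a workflow author.
ALLOWED_TRANSPORTS = {"sse", "streamable_http"}
# Keys that describe a local process to launch rather than a remote endpoint.
PROCESS_KEYS = {"command", "args", "env", "cwd"}


def audit_mcp_servers(raw):
    """Return a list of (server_name, reason) findings; empty means acceptable."""
    try:
        servers = json.loads(raw)
    except (TypeError, ValueError):
        return [("<config>", "not valid JSON")]
    if not isinstance(servers, dict):
        return [("<config>", "top level must be an object of named servers")]

    findings = []
    for name, cfg in servers.items():
        if not isinstance(cfg, dict):
            findings.append((name, "server entry is not an object"))
            continue
        transport = cfg.get("transport")
        # Fail closed: a missing or malformed transport never falls back to a default.
        if not isinstance(transport, str) or transport not in ALLOWED_TRANSPORTS:
            findings.append((name, f"transport {transport!r} not allowed"))
        present = sorted(PROCESS_KEYS & cfg.keys())
        if present:
            findings.append((name, f"process-launch keys present: {present}"))
        url = cfg.get("url")
        parsed = urlparse(url) if isinstance(url, str) else None
        if parsed is None or parsed.scheme not in ("http", "https") or not parsed.hostname:
            findings.append((name, "url must be an http(s) endpoint"))
    return findings


# Constructed sample input, not taken from the advisory.
SAMPLE = json.dumps({
    "docs": {"transport": "sse", "url": "https://mcp.example.internal/sse"},
    "local": {"transport": "stdio", "command": "example-tool", "args": ["--serve"]},
    "implicit": {"url": "https://mcp.example.internal/mcp"},
})

if __name__ == "__main__":
    for server, reason in audit_mcp_servers(SAMPLE):
        print(f"REJECT {server}: {reason}")
```

Run over stored workflow definitions, the same function also serves as an audit for MCP node configurations saved before the upgrade.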
