Platform
python
Component
maxkb
Fixed in
2.8.1
CVE-2026-39421 describes a critical sandbox escape vulnerability discovered in MaxKB, an open-source AI assistant for enterprise. This flaw allows an authenticated attacker with workspace privileges to bypass the intended security restrictions and achieve arbitrary code execution. The vulnerability impacts versions 2.7.1 and earlier, and a fix is available in version 2.8.0.
The impact of CVE-2026-39421 is significant due to its potential for complete container compromise. An attacker who can exploit this vulnerability can bypass the LD_PRELOAD-based sandbox by leveraging Python's ctypes library to directly invoke kernel system calls. This bypass allows the attacker to execute arbitrary code within the container's context, effectively gaining full control. This control extends to network exfiltration, enabling the attacker to steal sensitive data stored within the container or accessible from the network. The ability to execute arbitrary code also opens the door to further exploitation, potentially leading to lateral movement within the enterprise network if the container has access to other resources. This vulnerability shares similarities with other sandbox escape exploits where bypassing security boundaries allows for unrestricted access and control.
CVE-2026-39421 was publicly disclosed on 2026-04-14. Currently, there is no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept (PoC) code is not yet available, but the technical details of the bypass are well-understood, increasing the likelihood of PoC development in the near future.
Exploit Status
EPSS
0.08% (24% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-39421 is to immediately upgrade MaxKB to version 2.8.0 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible due to compatibility concerns or breaking changes, consider implementing stricter workspace privilege controls to limit the potential impact of a successful exploit. While not a complete solution, restricting the attacker's ability to execute code within the workspace can reduce the scope of the compromise. Monitoring for unusual Python process activity, particularly those utilizing ctypes and interacting with system calls, can provide early warning signs of exploitation. Review and harden the container's security posture, including network segmentation and least privilege access controls, to limit the blast radius in case of a successful attack.
Update MaxKB to version 2.8.0 or higher to mitigate the sandbox escape vulnerability. This update fixes the failure to block pkey_mprotect system calls, which allows an attacker to execute arbitrary code.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-39421 is a sandbox escape vulnerability in MaxKB versions 2.7.1 and below, allowing attackers to bypass security restrictions and achieve arbitrary code execution.
If you are using MaxKB version 2.7.1 or earlier, you are affected by this vulnerability. Upgrade to version 2.8.0 or later to mitigate the risk.
The recommended fix is to upgrade MaxKB to version 2.8.0 or later. If upgrading is not immediately possible, implement stricter workspace privilege controls.
As of now, there is no confirmed evidence of active exploitation, but the vulnerability is publicly known and could be targeted in the future.
Refer to the official MaxKB security advisory for detailed information and updates: [https://maxkb.ai/security/advisories/CVE-2026-39421]
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.