CVE Daily

CVE-2024-56137

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base que...

Medium CVSS 6.8

Overview

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privilegedβ€Œ users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0.

CWE: CWE-78 Published: 2025-01-02T15:15:24.283
Risk analysis

This vulnerability is rated 🟑 MEDIUM.

  • CVSS: 6.8 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags