CVE-2026-45413

MaxKB is an open-source AI assistant for enterprise

Published: 2026-05-26 · Last updated: 2026-05-27

Severity and scoring

CWE: CWE-328

Description

MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute force (hashcat). This vulnerability is fixed in 2.9.1.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-45413
[Other]https://github.com/1Panel-dev/MaxKB/security/advisories/GHSA-2m4c-mcq5-q8xq

Related CVEs

Same CWE

CVE-2026-48488 — phpMyFAQ is an open source FAQ web application
CVE-2026-11481 — A vulnerability was determined in yoanbernabeu grepai up to 0.35.0 (2.5 LOW)
CVE-2026-11479 — A vulnerability has been found in yoanbernabeu grepai 0.35.0 (4.2 MEDIUM)
CVE-2026-11330 — A weakness has been identified in thedotmack claude-mem up to 11.0.1 (3.6 LOW)
CVE-2026-11329 — A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0 (3.6 LOW)