{"id":"CVE-2026-56779","summary":"MaxKB \u003c 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters","details":"MaxKB before 2.10.0 contains a server-side request forgery (SSRF) vulnerability in the tool creation and update endpoints: the downloadCallbackUrl and download_url parameters are accepted without validation, so an authenticated user can make the server issue outbound requests to an attacker-chosen URL. An attacker holding only the default workspace USER role can exploit this to reach internal network services by supplying a malicious URL to the ToolSerializer endpoints. The issue is fixed in 2.10.0; upgrade to that version or later.","modified":"2026-06-26T04:11:18.587680573Z","published":"2026-06-25T18:11:12.206Z","database_specific":{"cna_assigner":"VulnCheck","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56779.json","cwe_ids":["CWE-918"]},"references":[{"type":"PACKAGE","url":"https://github.com/1Panel-dev/MaxKB"},{"type":"FIX","url":"https://github.com/1Panel-dev/MaxKB/commit/6c156afc656afa62ea4280e504a06ac1c9696b36"},{"type":"EVIDENCE","url":"https://github.com/1Panel-dev/MaxKB/issues/6272"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56779.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-56779"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/maxkb-server-side-request-forgery-via-downloadcallbackurl-and-download-url-parameters"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/1panel-dev/maxkb","events":[{"introduced":"0"},{"fixed":"38b14370988d20100f91444572e26f8a400828be"}],"database_specific":{"source":"AFFECTED_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.10.0"}]}}],"versions":["v2.9.2","v2.9.1","v2.9.0","v2.8.1","v2.8.0","v2.7.0","v2.6.1","v2.6.0","v2.5.0","v2.4.0","v2.3.0","v2.2.0","v2.1.0","v2.0.2","v2.0.1","v2.0.0","v1.10.4-lts","v1.10.3-lts","v1.10.2-lts","v1.10.1-lts","v1.10.0-lts","v1.9.0","v1.7.0","v1.6.1","v1.6.0","v1.5.0","v1.4.0","v1.3.0","v1.2.1","v1.2.
0","v1.1.3","v1.1.2","v1.1.1","v1.1.0","v1.0.1","v1.0.0","v0.9.1","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-56779.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N"}]}