CVE-2026-6108
Remote OS Command Injection in 1Panel-dev MaxKB Model Context Node
Publication date: 2026-04-12
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 1panel-dev | maxkb | up to 2.6.1 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6108 is a Remote Code Execution (RCE) vulnerability in MaxKB (versions up to 2.6.1) caused by improper validation of Model Context Protocol (MCP) server configurations.
The vulnerability arises because MaxKB attempts to restrict MCP transport types to a whitelist containing only "sse" and "streamable_http", but this validation is only applied in the MCP servers listing API endpoint and is bypassed during application workflow editing and execution.
Specifically, the edit() method saves MCP server configurations directly into the database without validation, and the execute() method loads and uses these configurations without checking them. This allows an attacker to inject arbitrary shell commands via a specially crafted MCP server transport configuration using the "stdio" transport type.
When the workflow containing this malicious configuration is executed, the attacker-controlled commands run on the MaxKB server, leading to remote code execution.
How can this vulnerability impact me?
This vulnerability allows an attacker with access to the workflow editing functionality to execute arbitrary shell commands on the MaxKB server remotely.
The impact includes potential full compromise of the affected server, unauthorized access to sensitive data, disruption of services, and the ability to install malware or pivot to other systems within the network.
Because the exploit is publicly available and the vulnerability is remotely exploitable, the risk of attack is significant if the affected version is in use and not patched.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or unauthorized modifications to MCP server configurations, especially those involving the 'stdio' transport type, which allows command injection.
Since the exploit involves injecting arbitrary shell commands via the workflow edit endpoint, you can look for suspicious API calls to the PUT /api/workspace/{workspace_id}/application/{application_id}/edit endpoint that include MCP server configurations with transport types outside the whitelist ("sse" and "streamable_http"), particularly "stdio".
Suggested commands to detect potential exploitation attempts include:
- Inspect web server or application logs for PUT requests to the edit endpoint containing 'stdio' or suspicious command strings, e.g., using grep: `grep -i 'stdio' /var/log/maxkb/access.log`
- Monitor running processes or command history for unexpected shell commands that could be injected, e.g., `ps aux | grep bash` or `history | grep id`
- Check the database entries for MCP server configurations containing non-whitelisted transport types by querying the relevant tables storing MCP configurations.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the affected MaxKB component to a fixed version released by the vendor that improves whitelist validation and blocks non-whitelisted transports during all relevant operations.
Until an upgrade can be applied, restrict access to the workflow edit API endpoint (PUT /api/workspace/{workspace_id}/application/{application_id}/edit) to trusted and authenticated users only, and monitor for suspicious activity.
Additionally, review and sanitize MCP server configurations stored in the system to remove any entries using the 'stdio' transport or other unauthorized transport types.
Implement network-level controls to limit exposure of the MaxKB server to untrusted networks.
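A sweep for the stored-configuration check and the clean-up step described above, as an added example that is not MaxKB's own code. The JSON shape `{"<name>": {"transport": ...}}`, the function names and the sample rows are assumptions; `validate_or_raise` is the single gate that the save path and the run path would both call, rather than only the listing path.

```python
import json

# Transports the page says the MaxKB whitelist permits.
ALLOWED_TRANSPORTS = frozenset({"sse", "streamable_http"})


def audit_mcp_servers(raw):
    """Return [(server_name, reason), ...] for one stored MCP server config."""
    # Assumed shape (not confirmed by the page): {"<name>": {"transport": "...", ...}}
    if isinstance(raw, (str, bytes)):
        try:
            raw = json.loads(raw)
        except ValueError:
            return [("<config>", "not valid JSON")]
    if not isinstance(raw, dict):
        return [("<config>", "top level is not an object")]
    findings = []
    for name, server in raw.items():
        transport = server.get("transport") if isinstance(server, dict) else None
        # Exact match, no trimming or case folding: anything unexpected fails closed.
        if not isinstance(transport, str) or transport not in ALLOWED_TRANSPORTS:
            findings.append((name, f"transport {transport!r} not in whitelist"))
    return findings


def validate_or_raise(raw):
    """Gate for both the save path and the run path, not only the listing path."""
    findings = audit_mcp_servers(raw)
    if findings:
        raise ValueError(f"MCP server config rejected: {findings}")
    return raw


def audit_rows(rows):
    """Sweep (row_id, config) pairs exported from the database; return only bad rows."""
    checked = ((row_id, audit_mcp_servers(raw)) for row_id, raw in rows)
    return {row_id: found for row_id, found in checked if found}


# Constructed sample rows, not real MaxKB data.
SAMPLE_ROWS = [
    ("app-1", '{"docs": {"transport": "sse", "url": "https://mcp.example.invalid/sse"}}'),
    ("app-2", '{"local": {"transport": "stdio"}}'),
    ("app-3", '{"a": {"transport": "streamable_http"}, "b": {"url": "https://mcp.example.invalid"}}'),
    ("app-4", "{not json"),
]

if __name__ == "__main__":
    print(audit_rows(SAMPLE_ROWS))
```

Entries with a missing or differently cased transport are reported as well, since a check that only looks for the literal string `stdio` would pass them.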
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how CVE-2026-6108 impacts compliance with common standards and regulations such as GDPR or HIPAA.