CVE-2026-6108 | 1Panel-dev MaxKB up to 2.6.1 Model Context Protocol Node base_mcp_node.py execute os command injection

A vulnerability identified as critical has been detected in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection.

This vulnerability is reported as CVE-2026-6108. The attack is possible to be carried out remotely. Moreover, an exploit is present.

You should upgrade the affected component.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-6108 | 1Panel-dev MaxKB up to 2.6.1 Model Context Protocol Node base_mcp_node.py execute os command injection

Post correlati

CVE-2025-12543 | Undertow Header Host server-side request forgery

CVE-2024-21474 | Qualcomm Snapdragon up to X65 5G Modem-RF System stack-based overflow

CVE-2024-51164 | JEPaaS 7.2.8 Query insertBtnLog sql injection

CVE-2024-13305 | Drupal Entity Form Steps up to 1.1.3 cross site scripting