A vulnerability has been found in 1Panel-dev MaxKB up to 2.10.0 and classified as problematic. This issue affects some unknown processing of the file apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py of the component MCP Referencing Mode. The manipulation leads to deserialization.
This vulnerability is listed as CVE-2026-54149. The attack may be initiated remotely. There is no available exploit.