CVE-2024-56137: MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large
Summary
CVE-2024-56137 is a remote command execution vulnerability (a flaw that lets attackers run system commands from a distance) in MaxKB, an open-source knowledge base system that uses RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions). In versions before 1.9.0, privileged users can execute operating system commands through custom scripts. The issue is patched in v1.9.0.
Solution / Mitigation
The vulnerability has been fixed in v1.9.0.
Vulnerability Details
6.8 (medium)
EPSS: 3.1%
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-56137
First tracked: February 15, 2026 at 08:53 PM