What happened
MaxKB, an open-source enterprise AI assistant, does not consistently validate MCP transport type in its tool-import functionality (apps/tools/serializers/tool.py) and MCP referencing mode (apps/application/chat_pipeline/step/chat_step/impl/base_chat_step.py), allowing an authenticated attacker to reference or import tools via unintended transport paths.
Why it matters
MaxKB is an enterprise-deployed AI assistant platform integrating MCP tool servers; inconsistent transport validation in tool import/reference paths could allow bypass of intended trust boundaries for MCP tool invocation, a significant risk for an agentic assistant with tool-calling capability.
Attack vector
Authenticated attacker imports or references an MCP tool/server using an unvalidated transport type, bypassing intended trust restrictions
Affected systems
MaxKB < 2.10.0-lts
Mitigation
Upgrade to MaxKB ≥2.10.0-lts