A vulnerability was found in 1Panel-dev MaxKB up to 2.7.x . It has been declared as problematic . The affected element is an unknown function. Executing a manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2026-39426 . The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.