This page lists publicly disclosed CVE vulnerabilities affecting lfnovo open-notebook (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-33589 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal. | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | 8.2 | 0.18% | 2026-05-07 | 2026-06-17 |
| CVE-2026-33588 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | 7.0 | 0.18% | 2026-05-07 | 2026-06-17 |
| CVE-2026-33587 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations. | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | 9.2 | 0.23% | 2026-05-07 | 2026-06-17 |
| CVE-2026-28201 | An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. | a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 | 8.7 | 0.06% | 2026-05-07 | 2026-06-17 |