CVE-2026-33587: Open Notebook v1.8.3 allows malicious code execution

Summary

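Open Notebook v1.8.3 does not sanitise user input in user-created transformations, which allows an application user to execute Python code, and subsequently OS commands, on the server's Docker container through Server-Side Template Injection (SSTI). This can result in unauthorized access to system resources. To fix this issue, update to the latest version of Open Notebook.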

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
lfnovo | open-notebook | < 1.8.4
cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*
Original title
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection ...
Original description
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
NVD CVSS 4.0: 9.2
Vulnerability type
CWE-20 Improper Input Validation
Published: 7 May 2026 · Updated: 28 May 2026 · First seen: 7 May 2026