ByteOS Network

NVD Vulnerability Details :

CVE-2026-28201

Received

Source-a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Published At-07 May, 2026 | 11:16

Updated At-07 May, 2026 | 11:16

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CWE-352	Secondary	a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CWE-917	Secondary	a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

CWE ID: CWE-20

Type: Secondary

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

CWE ID: CWE-352

Type: Secondary

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

CWE ID: CWE-917

Type: Secondary

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

References

Hyperlink	Source	Resource
https://github.com/lfnovo/open-notebook/security/advisories/GHSA-5wj9-f8q5-8f9c	a6d3dc9e-0591-4a13-bce7-0f5b31ff6158	N/A

Hyperlink: https://github.com/lfnovo/open-notebook/security/advisories/GHSA-5wj9-f8q5-8f9c

Source: a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History