Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

open-notebook

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2026-33588
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-7||HIGH
EPSS-0.06% / 19.20%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 10:28
Updated-07 May, 2026 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary File Write Through Path Traversal

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

Action-Not Available
Vendor-lfnovoOpen Notebook
Product-open-notebookOpen Notebook
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33587
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-9.2||CRITICAL
EPSS-0.06% / 19.55%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 10:22
Updated-07 May, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution (RCE) via Server-Side Template Injection (SSTI)

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

Action-Not Available
Vendor-lfnovoOpen Notebook
Product-open-notebookOpen Notebook
CWE ID-CWE-20
Improper Input Validation