CVE-2026-28201

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.1

Description Improper input validation combined with an overly permissive default Cross-Origin Resource Sharing (CORS) configuration allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries using a specially crafted malicious URL. Depending on the deployment, this may also enable data exfiltration. This issue is a Cross-Site Request Forgery (CSRF), which occurs when an attacker induces a victim to perform actions they do not intend to take.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.