CVE-2026-33587

Name of the Vulnerable Software and Affected Versions Open Notebook version 1.8.3

Description Insufficient user input sanitization allows an application user to perform Server-Side Template Injection (SSTI), a flaw where an attacker can inject malicious templates into a server-side engine. This enables the execution of Python code and subsequent operating system commands within the docker container through user-created transformations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.