PT-2026-38419 · Unknown · Open Notebook
Cert-Eu
·
Published
2026-05-07
·
Updated
2026-05-07
·
CVE-2026-33588
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open Notebook version 1.8.3
Description
Insufficient user input validation in the file upload functionality allows an authenticated user to create or modify files within the docker container using path traversal, a technique used to access files and directories that are stored outside the intended folder.
Recommendations
Update Open Notebook to a version later than 1.8.3.
As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Notebook