PT-2026-38420 · Unknown · Open Notebook
Cert-Eu
·
Published
2026-05-07
·
Updated
2026-05-07
·
CVE-2026-33589
CVSS v4.0
8.2
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Open Notebook version 1.8.3
Description
Insufficient user input validation in the file upload functionality allows an application user to access local file content from the docker container through path traversal, a technique used to access files and directories that are stored outside the web root folder.
Recommendations
Update Open Notebook version 1.8.3 to a version that addresses this issue. As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Notebook