VYPR
High severity7.8NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-28201

CVE-2026-28201

Description

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*range: <1.8.3
    • (no CPE)range: = v1.8.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.