Critical severity10.0NVD Advisory· Published May 7, 2026· Updated May 7, 2026
CVE-2026-33587
CVE-2026-33587
Description
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*range: <1.8.4
- (no CPE)range: = 1.8.3
Patches
Vulnerability mechanics
References
1- github.com/lfnovo/open-notebook/security/advisories/GHSA-f35w-wx37-26q7nvdVendor Advisory
News mentions
0No linked articles in our index yet.