VYPR
Critical severity10.0NVD Advisory· Published May 7, 2026· Updated May 7, 2026

CVE-2026-33587

CVE-2026-33587

Description

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:lfnovo:open-notebook:*:*:*:*:*:*:*:*range: <1.8.4
    • (no CPE)range: = 1.8.3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.