Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
AnalysisAI
Path traversal in Open Notebook v1.8.3's file upload allows arbitrary file creation or modification within the Docker container filesystem. Attackers with local access can write files outside intended directories, enabling container escape scenarios, configuration tampering, or privilege escalation by overwriting critical system files. No public exploit identified at time of analysis, but the vulnerability affects default configurations where file upload is accessible.
Technical ContextAI
Open Notebook v1.8.3 suffers from CWE-20 (Improper Input Validation) in its file upload component. The application fails to sanitize user-supplied file paths, allowing directory traversal sequences (../) in upload requests. When deployed in Docker containers, this enables attackers to write beyond the intended upload directory to arbitrary locations within the container filesystem. Path traversal vulnerabilities in containerized applications are particularly dangerous as they can target Docker socket files, escape mechanisms, or volume mount points to affect the host system. The affected product is identified by CPE cpe:2.3:a:open_notebook:open_notebook:*:*:*:*:*:*:*:*, confirming the vulnerability exists across the v1.8.3 release line.
RemediationAI
Upgrade to a patched version of Open Notebook once released by the vendor - monitor https://github.com/lfnovo/open-notebook/security/advisories/GHSA-x4q2-89g5-594v for official fix announcement and version number. No vendor-released patch identified at time of analysis. Immediate compensating controls: implement strict input validation on all file upload paths using allowlist-based filename sanitization (reject any paths containing ../, absolute paths, or special characters); configure Docker container with read-only root filesystem where possible (trade-off: may break legitimate write operations to logs or temp directories); use Docker volume mounts with restricted permissions only for necessary upload directories; run container with minimal capabilities (drop CAP_DAC_OVERRIDE, CAP_CHOWN) to limit file modification scope; implement application-level access controls restricting file upload to authenticated administrators only. If file upload is not required for your use case, disable the feature entirely at the application configuration level. Each mitigation reduces attack surface but may impact functionality - test thoroughly in non-production environments first.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28347
GHSA-c7wf-4r4p-4766