Skip to main content

Open Notebook CVE-2026-33588

| EUVDEUVD-2026-28347 HIGH
Improper Input Validation (CWE-20)
2026-05-07 ENISA GHSA-c7wf-4r4p-4766
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 07, 2026 - 11:30 vuln.today
CVSS changed
May 07, 2026 - 11:22 NVD
7.0 (HIGH)
CVE Published
May 07, 2026 - 10:28 nvd
HIGH 7.0

DescriptionCVE.org

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

AnalysisAI

Path traversal in Open Notebook v1.8.3's file upload allows arbitrary file creation or modification within the Docker container filesystem. Attackers with local access can write files outside intended directories, enabling container escape scenarios, configuration tampering, or privilege escalation by overwriting critical system files. No public exploit identified at time of analysis, but the vulnerability affects default configurations where file upload is accessible.

Technical ContextAI

Open Notebook v1.8.3 suffers from CWE-20 (Improper Input Validation) in its file upload component. The application fails to sanitize user-supplied file paths, allowing directory traversal sequences (../) in upload requests. When deployed in Docker containers, this enables attackers to write beyond the intended upload directory to arbitrary locations within the container filesystem. Path traversal vulnerabilities in containerized applications are particularly dangerous as they can target Docker socket files, escape mechanisms, or volume mount points to affect the host system. The affected product is identified by CPE cpe:2.3:a:open_notebook:open_notebook:*:*:*:*:*:*:*:*, confirming the vulnerability exists across the v1.8.3 release line.

RemediationAI

Upgrade to a patched version of Open Notebook once released by the vendor - monitor https://github.com/lfnovo/open-notebook/security/advisories/GHSA-x4q2-89g5-594v for official fix announcement and version number. No vendor-released patch identified at time of analysis. Immediate compensating controls: implement strict input validation on all file upload paths using allowlist-based filename sanitization (reject any paths containing ../, absolute paths, or special characters); configure Docker container with read-only root filesystem where possible (trade-off: may break legitimate write operations to logs or temp directories); use Docker volume mounts with restricted permissions only for necessary upload directories; run container with minimal capabilities (drop CAP_DAC_OVERRIDE, CAP_CHOWN) to limit file modification scope; implement application-level access controls restricting file upload to authenticated administrators only. If file upload is not required for your use case, disable the feature entirely at the application configuration level. Each mitigation reduces attack surface but may impact functionality - test thoroughly in non-production environments first.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-33588 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy