Skip to main content

Open Notebook CVE-2026-33589

| EUVDEUVD-2026-28348 HIGH
Improper Input Validation (CWE-20)
2026-05-07 ENISA GHSA-xfv3-v32f-xwfc
8.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 07, 2026 - 11:31 vuln.today
CVSS changed
May 07, 2026 - 11:22 NVD
8.2 (HIGH)
CVE Published
May 07, 2026 - 10:31 nvd
HIGH 8.2

DescriptionCVE.org

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.

AnalysisAI

Path traversal in Open Notebook v1.8.3's file upload functionality allows unauthenticated local users to read arbitrary files from the Docker container filesystem. The vulnerability stems from insufficient input validation, enabling attackers to bypass directory restrictions and access sensitive container files including configuration data, environment variables, and application secrets. CVSS 8.2 (High severity) reflects substantial confidentiality impact across system and container scopes, though no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Open Notebook is a note-taking application deployed in Docker containers. The vulnerability resides in the file upload handler which fails to sanitize user-supplied file paths (CWE-20: Improper Input Validation). Path traversal attacks exploit this weakness using directory traversal sequences (../, absolute paths, or encoded variants) to escape intended upload directories. In containerized environments, successful exploitation can expose container-specific resources like /proc/self/environ, application configuration files, database credentials, and mounted secrets. The CVSS vector indicates local attack surface (AV:L) with no authentication barrier (PR:N), suggesting the vulnerable endpoint is accessible to users with local container access or application-level permissions.

RemediationAI

Upgrade Open Notebook to a patched version addressing GHSA-842v-h4cj-r646 per the GitHub security advisory at https://github.com/lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646. The advisory should specify the exact fix version, which is not independently confirmed from available data. Until patching, implement strict input validation on all file upload paths using allowlist-based approaches: canonicalize file paths, reject traversal sequences (../, .\, encoded variants), restrict uploads to dedicated directories with chroot-like containment, and verify resolved paths remain within intended boundaries. In Docker deployments, reduce blast radius by running containers with read-only root filesystems where feasible (trade-off: breaks applications requiring write access to system directories), minimizing mounted volumes, using non-root container users, and isolating secrets into ephemeral volumes unmounted after application initialization (trade-off: complicates secret rotation). Network segmentation preventing lateral container access mitigates scope escalation shown in CVSS SC:H metric.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-33589 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy