Which versions of Open Notebook are affected by CVE-2026-33589?

Open Notebook v1.8.3 contains a path traversal vulnerability in its file upload feature that allows unauthenticated attackers to read arbitrary files from the Docker container filesystem, including…

Open Notebook CVE-2026-33589

Q: What is the CVSS score of CVE-2026-33589?

CVE-2026-33589 has a CVSS 4.0 base score of 8.2 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28348 HIGH

Improper Input Validation (CWE-20)

2026-05-07 ENISA

GHSA-xfv3-v32f-xwfc

Docker Path Traversal File Upload

8.2

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 07, 2026 - 11:31 vuln.today

CVSS changed

May 07, 2026 - 11:22 NVD

8.2 (HIGH)

CVE Published

May 07, 2026 - 10:31 nvd

HIGH 8.2

DescriptionNVD

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.

AnalysisAI

Path traversal in Open Notebook v1.8.3's file upload functionality allows unauthenticated local users to read arbitrary files from the Docker container filesystem. The vulnerability stems from insufficient input validation, enabling attackers to bypass directory restrictions and access sensitive container files including configuration data, environment variables, and application secrets. …

RemediationAI

Within 24 hours: Identify all systems running Open Notebook v1.8.3 and isolate affected instances from production networks if feasible; document affected asset inventory. Within 7 days: Implement network-level access controls restricting file upload functionality to authorized users only; review container logs for suspicious file access patterns; rotate all secrets and credentials potentially exposed on affected systems. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-33589 vulnerability details – vuln.today

Back

Open Notebook CVE-2026-33589

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open Notebook CVE-2026-33589

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code