Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.
AnalysisAI
Path traversal in Open Notebook v1.8.3's file upload functionality allows unauthenticated local users to read arbitrary files from the Docker container filesystem. The vulnerability stems from insufficient input validation, enabling attackers to bypass directory restrictions and access sensitive container files including configuration data, environment variables, and application secrets. CVSS 8.2 (High severity) reflects substantial confidentiality impact across system and container scopes, though no public exploit code or active exploitation has been identified at time of analysis.
Technical ContextAI
Open Notebook is a note-taking application deployed in Docker containers. The vulnerability resides in the file upload handler which fails to sanitize user-supplied file paths (CWE-20: Improper Input Validation). Path traversal attacks exploit this weakness using directory traversal sequences (../, absolute paths, or encoded variants) to escape intended upload directories. In containerized environments, successful exploitation can expose container-specific resources like /proc/self/environ, application configuration files, database credentials, and mounted secrets. The CVSS vector indicates local attack surface (AV:L) with no authentication barrier (PR:N), suggesting the vulnerable endpoint is accessible to users with local container access or application-level permissions.
RemediationAI
Upgrade Open Notebook to a patched version addressing GHSA-842v-h4cj-r646 per the GitHub security advisory at https://github.com/lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646. The advisory should specify the exact fix version, which is not independently confirmed from available data. Until patching, implement strict input validation on all file upload paths using allowlist-based approaches: canonicalize file paths, reject traversal sequences (../, .\, encoded variants), restrict uploads to dedicated directories with chroot-like containment, and verify resolved paths remain within intended boundaries. In Docker deployments, reduce blast radius by running containers with read-only root filesystems where feasible (trade-off: breaks applications requiring write access to system directories), minimizing mounted volumes, using non-root container users, and isolating secrets into ephemeral volumes unmounted after application initialization (trade-off: complicates secret rotation). Network segmentation preventing lateral container access mitigates scope escalation shown in CVSS SC:H metric.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28348
GHSA-xfv3-v32f-xwfc