Skip to main content

Open Notebook

1 CVEs product

Monthly

CVE-2026-28201 HIGH This Week

Cross-site request forgery (CSRF) in Open Notebook v1.8.1 enables remote attackers to manipulate or delete database entries through social engineering attacks. The vulnerability combines input validation flaws (CWE-20) with overly permissive default CORS settings, allowing malicious sites to send authenticated requests on behalf of legitimate users. Attackers craft malicious URLs that, when clicked by authenticated users, execute unauthorized database operations including data modification, deletion, and potential exfiltration depending on deployment configuration. No public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Open Notebook
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH This Week

Cross-site request forgery (CSRF) in Open Notebook v1.8.1 enables remote attackers to manipulate or delete database entries through social engineering attacks. The vulnerability combines input validation flaws (CWE-20) with overly permissive default CORS settings, allowing malicious sites to send authenticated requests on behalf of legitimate users. Attackers craft malicious URLs that, when clicked by authenticated users, execute unauthorized database operations including data modification, deletion, and potential exfiltration depending on deployment configuration. No public exploit code or active exploitation confirmed at time of analysis.

Information Disclosure Open Notebook
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy