Vulnerability Details CVE-2026-33587
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.0%
CVSS Severity
CVSS v3 Score 10.0
Products affected by CVE-2026-33587
-
cpe:2.3:a:lfnovo:open-notebook:0.0.1
-
cpe:2.3:a:lfnovo:open-notebook:0.0.10
-
cpe:2.3:a:lfnovo:open-notebook:0.0.2
-
cpe:2.3:a:lfnovo:open-notebook:0.0.3
-
cpe:2.3:a:lfnovo:open-notebook:0.0.4
-
cpe:2.3:a:lfnovo:open-notebook:0.0.5
-
cpe:2.3:a:lfnovo:open-notebook:0.0.6
-
cpe:2.3:a:lfnovo:open-notebook:0.0.7
-
cpe:2.3:a:lfnovo:open-notebook:0.0.8
-
cpe:2.3:a:lfnovo:open-notebook:0.0.9
-
cpe:2.3:a:lfnovo:open-notebook:0.1.0
-
cpe:2.3:a:lfnovo:open-notebook:0.1.1
-
cpe:2.3:a:lfnovo:open-notebook:0.2.0
-
cpe:2.3:a:lfnovo:open-notebook:0.2.2
-
cpe:2.3:a:lfnovo:open-notebook:0.3.0
-
cpe:2.3:a:lfnovo:open-notebook:0.3.1
-
cpe:2.3:a:lfnovo:open-notebook:0.3.2
-
cpe:2.3:a:lfnovo:open-notebook:1.0.1
-
cpe:2.3:a:lfnovo:open-notebook:1.0.8
-
cpe:2.3:a:lfnovo:open-notebook:1.1.0
-
cpe:2.3:a:lfnovo:open-notebook:1.2.0
-
cpe:2.3:a:lfnovo:open-notebook:1.2.4
-
cpe:2.3:a:lfnovo:open-notebook:1.3.0
-
cpe:2.3:a:lfnovo:open-notebook:1.3.1
-
cpe:2.3:a:lfnovo:open-notebook:1.4.0
-
cpe:2.3:a:lfnovo:open-notebook:1.5.0
-
cpe:2.3:a:lfnovo:open-notebook:1.6.2
-
cpe:2.3:a:lfnovo:open-notebook:1.7.0
-
cpe:2.3:a:lfnovo:open-notebook:1.7.1
-
cpe:2.3:a:lfnovo:open-notebook:1.7.2
-
cpe:2.3:a:lfnovo:open-notebook:1.7.3
-
cpe:2.3:a:lfnovo:open-notebook:1.7.4
-
cpe:2.3:a:lfnovo:open-notebook:1.8.0
-
cpe:2.3:a:lfnovo:open-notebook:1.8.1
-
cpe:2.3:a:lfnovo:open-notebook:1.8.2
-
cpe:2.3:a:lfnovo:open-notebook:1.8.3