Lfnovo Open-notebook
4 CVEs affecting Lfnovo Open-notebook. Latest disclosed: 2026-05-07. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33587 | Critical | 10.0 | 2026-05-07 | Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker contain… |
CVE-2026-33588 | High | 8.1 | 2026-05-07 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker cont… |
CVE-2026-28201 | High | 7.8 | 2026-05-07 | An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimat… |
CVE-2026-33589 | Medium | 6.5 | 2026-05-07 | Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docke… |