CVE Alert

CVE-2026-33587

UNKNOWN 0.0

Remote Code Execution (RCE) via Server-Side Template Injection (SSTI)

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

Lack of user input sanitisation in Open Notebook v1.8.3 allows an application user to execute Python code (and subsequently OS commands) in the Docker container via Server-Side Template Injection (SSTI) in user-created transformations.

CWE CWE-20
Vendor open notebook
Product open notebook
Published May 7, 2026
Last Updated May 7, 2026

Affected Versions

Open Notebook / Open Notebook
0 ≤ 1.8.3

References

github.com: https://github.com/lfnovo/open-notebook/security/advisories/GHSA-f35w-wx37-26q7

Credits

CERT-EU