CVE-2026-33589

UNKNOWN 0.0

Arbitrary File Read via Local File Inclusion (LFI)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.

CWE	CWE-20
Vendor	open notebook
Product	open notebook
Published	May 7, 2026
Last Updated	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for open notebook open notebook

Be the first to know when new unknown vulnerabilities affecting open notebook open notebook are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Open Notebook / Open Notebook

0 ≤ 1.8.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646

Credits

CERT-EU