CVE-2026-33587 - Vulnerability Analysis
Critical | CVSS: 10.0 | Last Updated: May 7, 2026
Open Notebook - Server-Side Template Injection
Published: May 7, 2026 | Updated: May 7, 2026 | Remote Exploitable
Overview
Open Notebook v1.8.3 contains a server-side template injection vulnerability caused by a lack of user input sanitisation in user-created transformations. It lets application users execute Python code and OS commands on the Docker container. Exploitation requires user access.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Application users can execute arbitrary Python code and OS commands on the Docker container, potentially leading to full system compromise.
Mitigation
Update to the latest version with input sanitisation fixes.
Details
- CVE ID: CVE-2026-33587
- Severity: Critical
- CVSS Score: 10.0
- Type: template_injection
- Status: confirmed
CWE
- CWE-20
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H