CVE-2026-33587 · CRITICAL 10.0 · EPSS percentile 13.5%

Description

Lack of user input sanitisation in Open Notebook v1.8.3 allows an application user to execute Python code (and subsequently OS commands) inside the Docker container via Server-Side Template Injection (SSTI) in user-created transformations.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.23% probability of exploitation · percentile 13.5% · scored 2026-06-19T12:03:05Z
Published: 2026-05-07
Last modified: 2026-05-07

Underlying weaknesses (1)

CWE-20 (Improper Input Validation)

References

  1. https://github.com/lfnovo/open-notebook/security/advisories/GHSA-f35w-wx37-26q7

Type      Target                              Confidence  Tier
Weakness  Improper Input Validation (cwe-20)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2026-33588
  - CVE-2026-36576
  - CVE-2025-25362
  - CVE-2025-45479
  - CVE-2026-45672
  - CVE-2026-22908

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.