HIGHCVE-2026-33588Published 2026-05-07Modified 2026-05-07CNA ENISA

CVE-2026-33588: Arbitrary File Write Through Path Traversal

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Open Notebook / Open Notebook
≤ 1.8.3

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

References

github.com

Metrics