Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2026-33588

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

VectorNETWORK

PublishedMay 07, 2026, 11:16

Published Bya6d3dc9e-0591-4a13-bce7-0f5b31ff6158

Base Score

Score8.1

Affected Versions

No affected versions found.

References

https://github.com/lfnovo/open-notebook/security/advisories/GHSA-x4q2-89g5-594v

Weakness Type

NVD-CWE-noinfo

CVSS Metrics

Base Score

Vector String

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base SeverityHigh

Version

4.0

Attack Vector (AV)

LOCAL