Browse all 4 CVE security advisories affecting Open Notebook. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Open Notebook serves as a collaborative platform for researchers and teams to document and share experimental data and workflows. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with four CVEs currently documented. The application's web interface and file handling mechanisms have been primary attack vectors, allowing unauthorized execution of code or data manipulation. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in similar notebook environments suggests potential risks for organizations deploying Open Notebook without proper hardening and regular security assessments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33589 | Arbitrary File Read via Local File Inclusion (LFI) — Open Notebook (CWE-20) | - | - | 2026-05-07 |
| CVE-2026-33588 | Arbitrary File Write Through Path Traversal — Open Notebook (CWE-20) | - | - | 2026-05-07 |
| CVE-2026-33587 | Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) — Open Notebook (CWE-20) | - | - | 2026-05-07 |
| CVE-2026-28201 | SurrealDB Injection on Open Notebook — Open Notebook (CWE-20) | - | - | 2026-05-07 |
This page lists every published CVE security advisory associated with Open Notebook. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.