Arbitrary File Read via Local File Inclusion (LFI)_CVE-2026-33589

8.2 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Description

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.

Basic Information

ID CVE-2026-33589

Source ENISA

Published May 7, 2026 at 10:31

Affected Product

Vendor Open Notebook

Product Open Notebook

Affected Versions Open Notebook Open Notebook 0

CWE Classification

CWE-20

References

github.com /lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646

{
    "lastseen": "",
    "description": "Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.",
    "published": "2026-05-07T10:31:52.831Z",
    "modified": "2026-05-07T10:31:52.831Z",
    "type": "cve",
    "title": "Arbitrary File Read via Local File Inclusion (LFI)",
    "source": "ENISA",
    "references": "https://github.com/lfnovo/open-notebook/security/advisories/GHSA-842v-h4cj-r646",
    "id": "CVE-2026-33589",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "Open Notebook Open Notebook 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Open Notebook",
    "version": "0",
    "vendor": "Open Notebook",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}