HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-28201 — An improper input validation, together with an overly permissive default CORS co...

·Source: NIST NVD

Updated:

Executive Summary

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.

Analysis

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. CVSS Score: 7.8. Published: 2026-05-07T11:16:00.747.

Indicators of Compromise (1)

CVE (1)
CVE-2026-28201
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)

.. if “unproxyable” is a word that is ..

SANS ISC
MEDIUMVulnerability

Palm payments startup Five ID raises $6 million

Five ID, a London-based startup founded by two former Revoluters, has raised $6 million to support the launch of its palm-based biometric payment system.

Finextra
MEDIUMVulnerability

BaFin preps IT spotlight inspections amidst growing AI cybersecurity risks

German financial regulator BaFin is setting up a division to carry out targeted inspections at firms as it seeks to ward of the threat of AI-enabled cyber attacks on the sector.

Finextra