CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-33587 — Lack of user input sanitisation in Open Notebook v1.8.3 allows the application u...

·Source: NIST NVD

Updated:

Executive Summary

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

Analysis

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations. CVSS Score: 10. Published: 2026-05-07T11:16:00.887.

Indicators of Compromise (1)

CVE (1)
CVE-2026-33587
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

FCC Softens Ban on Foreign-Made Routers

The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.

Dark Reading
MEDIUMVulnerability

Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent

In addition to fines, Texas is asking a judge to prevent Netflix from illegally collecting and sharing user data and to mandate that the company no longer use autoplay by default on kids’ profiles.

The Record
MEDIUMVulnerability

Tech Can't Stop These Threats — Your People Can

Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.

Dark Reading