CVE-2026-33587
CriticalSummary
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to the system and execution of arbitrary commands in the container, posing a serious threat to the application's and data's security.
Recommendation
It is recommended to implement proper input sanitisation mechanisms and update to the latest version of Open Notebook to minimize the risk associated with this vulnerability.
Original NVD description (English source)
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

