Improper Input Validation in Open Notebook by lfnovo
CVE-2026-28201

8.7HIGH

Key Information:

Vendor: Open Notebook
Status: Open Notebook
Vendor: CVE Published:; 7 May 2026

🔔 Create Open Notebook Vulnerability Alert

What is CVE-2026-28201?

An improper input validation and an excessively permissive default Cross-Origin Resource Sharing (CORS) configuration in Open Notebook v1.8.1 can be exploited by an attacker. This vulnerability allows a malicious user to craft a deceptive URL that, when accessed by a legitimate user, may lead to unauthorized alterations or deletions of database entries. In some deployment scenarios, this flaw can potentially enable data exfiltration, posing significant risks to data integrity and confidentiality.

Affected Version(s)

Open Notebook 0 <= 1.8.2

References

https://github.com/lfnovo/open-notebook/security/advisori...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Feb 25, 2026

Credit

CERT-EU

CVE-2026-28201 Data

JSON