QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-28201

Back to search

CVE-2026-28201

Published: May 7, 2026

Modified: May 7, 2026

PUBLISHED

Description

An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.

VendorProductVersions

Open Notebook

Open Notebook

affected
0 - <= 1.8.2

Weaknesses (CWE)

CWE-20
CWE-917
CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now