CVE-2026-28201
HIGH NVDCVSS Score
7.8
Severity
HIGH
Source
NVD
Published
May 07, 2026
Description
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.