
CVE-2026-33587 -- CVSS 10.0 Vulnerability Briefing

CVE-2026-33587 | CVSS 10.0 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-33587 is a Server-Side Template Injection (SSTI) vulnerability in Lfnovo's Open-Notebook v1.8.3, a self-hosted notebook application, that allows an authenticated user to inject and execute arbitrary Python code through unsanitized input fields.

Technical Detail

The flaw stems from a failure to sanitize user-supplied input before the application's templating engine processes it, so an attacker can submit template expressions that are evaluated server-side. A successful injection yields arbitrary Python code execution inside the application's Docker container, which can then be used to run OS-level commands, read the container filesystem, or attempt a container escape, depending on the deployment configuration. The impact is rated as full remote code execution (RCE), hence the maximum CVSS score of 10.0.

Exploitation Status

No known exploit code has been publicly observed or confirmed at this time, and this CVE is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, meaning active in-the-wild exploitation has not been documented as of May 14, 2026. However, SSTI vulnerabilities of this class are well-understood and frequently weaponized quickly once details become public.

Who Is Targeting This

There is no specific threat-actor attribution at this time, and no campaigns or targeted sectors have been associated with this vulnerability in available intelligence sources.

What To Do

Organizations running Open-Notebook v1.8.3 should treat this as a high-priority remediation given the maximum CVSS score and the RCE impact. Check for an updated release from Lfnovo that fixes input sanitization in the templating layer and apply it immediately. Until a patch is available, restrict access to the Open-Notebook instance to trusted users only, enforce network-level controls to limit exposure, and review the Docker container configuration to apply least-privilege principles and restrict container capabilities. As a detection signal, monitor application logs for anomalous template syntax (template delimiters) appearing in user input fields.
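The detection signal above, as an added example that is not code from Open-Notebook or from Lyceum: a scan over application log lines that flags template delimiters in user-controlled fields, with the same check reusable as an input-boundary guard. The JSON log format, the field names and the delimiter set are assumptions, since the advisory names neither the templating engine nor the affected fields.

```python
import json
import re

# Delimiters of common Python template engines (Jinja2/Django, Mako, Chameleon).
# The advisory does not name Open-Notebook's engine, so the set is deliberately broad.
TEMPLATE_SYNTAX = re.compile(
    r"\{\{.*?\}\}"   # Jinja2 / Django expression
    r"|\{%.*?%\}"    # Jinja2 / Django statement
    r"|\$\{.*?\}"    # Mako / Chameleon expression
    r"|<%.*?%>",     # Mako block
    re.DOTALL,
)

# Hypothetical names for the request fields that reach the templating layer;
# the advisory only says "unsanitized input fields".
USER_FIELDS = ("title", "description", "content")

def contains_template_syntax(value: str) -> bool:
    """Input-boundary guard: True if user text carries template delimiters."""
    return bool(TEMPLATE_SYNTAX.search(value))

def scan_log_lines(lines):
    """Detection pass: one finding per user-controlled field holding template syntax."""
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the scan
        fields = entry.get("fields") if isinstance(entry, dict) else None
        if not isinstance(fields, dict):
            continue
        for name in USER_FIELDS:
            value = fields.get(name)
            if isinstance(value, str) and contains_template_syntax(value):
                findings.append({"user": entry.get("user"), "path": entry.get("path"),
                                 "field": name, "match": TEMPLATE_SYNTAX.search(value).group(0)})
    return findings

# Constructed sample log lines (assumed format: one JSON object per line with
# 'user', 'path' and a 'fields' dict). Lines 2 and 4 should be flagged, line 3 skipped.
SAMPLE_LOG = [
    '{"user": "alice", "path": "/api/notes", "fields": {"title": "Meeting notes {today}"}}',
    '{"user": "bob", "path": "/api/notes", "fields": {"title": "Notes {{ user.name }}"}}',
    'not json at all',
    '{"user": "bob", "path": "/api/sources", "fields": {"description": "x ${ 1 } y"}}',
]

if __name__ == "__main__":
    for f in scan_log_lines(SAMPLE_LOG):
        print(f"user={f['user']} path={f['path']} field={f['field']} match={f['match']!r}")
```

Single-brace text such as `{today}` is not flagged, so ordinary note content passes; widen or narrow `TEMPLATE_SYNTAX` once the engine in use is confirmed.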

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.