Executive Summary

The vulnerability CVE-2026-33589 exists in the open-notebook package version 1.8.3 and earlier. It is caused by a lack of proper validation of user input in the file upload functionality, specifically in the POST /api/sources endpoint with the type=upload parameter.

An authenticated user can exploit this vulnerability to perform a Local File Inclusion (LFI) attack by specifying arbitrary file paths. This allows the attacker to read sensitive files inside the Docker container, such as system files (/etc/passwd), environment variables, source code, configuration files, and secrets.

The root cause is that the file_path parameter is passed directly to the content extraction process without ensuring it stays within the intended uploads directory, enabling path traversal attacks.

A patch was released in version 1.8.4 that fixes this by validating the file_path to ensure it remains within the uploads directory using Path.resolve() and startswith() checks.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows unauthorized access to sensitive files within the Docker container, including configuration files, secrets, and environment variables containing encryption keys. This unauthorized access can lead to exposure of personal data or protected health information, which may result in non-compliance with data protection regulations such as GDPR and HIPAA.

Specifically, the lack of input validation enabling Local File Inclusion (LFI) attacks increases the risk of data breaches, which are subject to strict reporting and remediation requirements under these standards.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a significant impact by allowing an attacker with access to the application to read arbitrary files within the Docker container.

• Exposure of sensitive system files such as /etc/passwd.
• Access to environment variables that may contain encryption keys or secrets.
• Disclosure of source code and configuration files, which could aid further attacks.

Overall, this leads to a high confidentiality impact, potentially compromising the security and integrity of the system and its data.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to exploit the Local File Inclusion (LFI) via the POST /api/sources endpoint using the type=upload parameter. Specifically, you can test if the application improperly allows access to arbitrary file paths such as /etc/passwd or /proc/self/environ.

A practical detection method involves sending crafted HTTP POST requests to the vulnerable endpoint to check if file contents outside the intended uploads directory are returned.

Example command using curl to test for the vulnerability:

• curl -X POST http://<target>/api/sources -d '{"type":"upload", "file_path":"/etc/passwd"}' -H 'Content-Type: application/json'

If the response contains the contents of /etc/passwd or other sensitive files, the system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the open-notebook package to version 1.8.4 or later, where the vulnerability has been patched.

The patch ensures that the file_path parameter is validated to remain within the uploads directory using Path.resolve() and startswith() checks, preventing path traversal attacks.

Until the upgrade can be applied, restrict access to the vulnerable endpoint to trusted users only and monitor for suspicious POST requests to /api/sources with unusual file_path parameters.

Useful 0 Not Useful 0