Description
Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.
Published: 2026-05-25
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Notebook Pro 2.0 allows a local attacker to crash the application by providing an excessively long notebook name. The flaw occurs when a user creates a new notebook and pastes a string of 500 or more characters into the name field, causing the program to crash on creation or saving. The issue is a classic input validation problem, reflected by CWE-789, and results in a temporary loss of availability of the application for the offending user or process.

Affected Systems

The product impacted is Stokedonit Notebook Pro version 2.0. No narrower version range is known beyond this major/minor release, and no other Stokedonit products are listed as affected.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, and the exploit probability is currently unknown as the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. Attackers must have local access to the system and a user account that can launch the application, making the exploit straightforward for a local user. Such local exploitation can readily cause the application to crash, denying service to the user and potentially disrupting workflow or data input.

Generated by OpenCVE AI on May 25, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied update that limits notebook name length or validates input strings
  • Configure the application or operating system to disallow the use of arbitrarily long strings in file names
  • Limit user accounts that can create notebooks to reduce the potential impact of local denial of service attempts

Generated by OpenCVE AI on May 25, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.
Title Notebook Pro 2.0 Denial of Service via Notebook Name Field
Weaknesses CWE-789
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T14:15:21.440Z

Reserved: 2026-05-25T14:03:32.529Z

Link: CVE-2018-25378

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T15:30:06Z

Weaknesses