The vulnerability resides in Open Notebook version 1.8.3 where user input is not properly sanitized in the server‑side template engine. This flaw permits a user‑created transformation to embed arbitrary Python code that the application executes, and the Python interpreter can in turn invoke OS commands. The result is full remote code execution with the privileges of the Docker container running the application. The weakness is an instance of insecure input validation as identified by CWE‑20. Based on the description, it is inferred that an attacker can embed malicious code into a permitted transformation, leading to arbitrary command execution.

Open Notebook is the vendor and the product affected. The reported version that contains the flaw is v1.8.3. No other versions are specified or known from the current advisory. It is inferred from the product name that the vulnerability applies to the web-based interface of Open Notebook.

The CVSS score of 9.2 classifies the flaw as critical. EPSS data indicates a very low exploitation probability (<1%), but the high CVSS score still highlights a significant risk. The vulnerability is not listed in CISA’s KEV catalog, yet it can be exploited remotely through the web interface that accepts user‑created transformations. The likely attack vector is the creation of a malicious transformation via the application’s UI, which is inferred from the description that the flaw is triggered by user input. Successful exploitation would give an attacker arbitrary command execution inside the container and potentially beyond, depending on container permissions.