EXECUTIVE SUMMARY:
CVE-2026-44727 with a CVSS score of 9.3 is a critical stored cross-site scripting (XSS) vulnerability in the Jupyter Server, specifically affecting versions of the jupyter-server package less than or equal to 2.19.0. This vulnerability occurs due to the nbconvert HTTP handlers rendering user-authored notebook HTML without a sandbox directive in their Content-Security-Policy, combined with the non-sanitizing behavior of nbconvert.HTMLExporter, allowing an attacker to inject malicious HTML payloads. An attacker can exploit this vulnerability by tricking an authenticated victim into navigating to a malicious notebook HTML page, requiring access to the Jupyter Server and the ability to upload malicious notebooks. Upon successful exploitation, the attacker gains the capability to execute scripts in the Jupyter origin, potentially leading to token exfiltration, full API authority, and even kernel remote code execution. The business impact of this vulnerability is significant, as it can result in unauthorized access to sensitive data and systems, compromising the security and integrity of the Jupyter Server environment, and this exploitation requires the attacker to have the ability to upload malicious content and have an authenticated victim access the malicious page.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-44727 with a CVSS score of 9.3 is a critical stored cross-site scripting (XSS) vulnerability in the Jupyter Server, specifically affecting versions of the jupyter-server package less than or equal to 2.19.0. This vulnerability occurs due to the nbconvert HTTP handlers rendering user-authored notebook HTML without a sandbox directive in their Content-Security-Policy, combined with the non-sanitizing behavior of nbconvert.HTMLExporter, allowing an attacker to inject malicious HTML payloads. An attacker can exploit this vulnerability by tricking an authenticated victim into navigating to a malicious notebook HTML page, requiring access to the Jupyter Server and the ability to upload malicious notebooks. Upon successful exploitation, the attacker gains the capability to execute scripts in the Jupyter origin, potentially leading to token exfiltration, full API authority, and even kernel remote code execution. The business impact of this vulnerability is significant, as it can result in unauthorized access to sensitive data and systems, compromising the security and integrity of the Jupyter Server environment, and this exploitation requires the attacker to have the ability to upload malicious content and have an authenticated victim access the malicious page.[emaillocker id="1283"]
RECOMMENDATION:
We recommend you to update jupyter-server to version 2.20.0.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-fcw5-x6j4-ccmp