CVE-2026-33709

| EUVD-2026-18880 MEDIUM
2026-04-03 GitHub_M GHSA-3vff-hjqv-m7h8
5.1
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

4
Patch Released
Apr 04, 2026 - 02:30 nvd
Patch available
Analysis Generated
Apr 03, 2026 - 22:15 vuln.today
EUVD ID Assigned
Apr 03, 2026 - 22:15 euvd
EUVD-2026-18880
CVE Published
Apr 03, 2026 - 22:00 nvd
MEDIUM 5.1

Tags

Open Redirect

Description

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.

Analysis

Open redirect vulnerability in JupyterHub prior to version 5.4.4 allows unauthenticated remote attackers to craft malicious links that bypass JupyterHub's redirect validation, redirecting users through the legitimate login page to arbitrary attacker-controlled sites. This enables phishing attacks and credential harvesting by leveraging JupyterHub's trusted domain to establish credibility. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

26
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

Share

CVE-2026-33709 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy