Jupyter Notebook CVE-2026-40171

Severity: HIGH (CVSS 4.0 base score 8.4)
Weakness: Cross-site Scripting (XSS) (CWE-79)
Published: 2026-04-30
Project: https://github.com/jupyter/notebook
Advisory: GHSA-rch3-82jr-f9w9

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: High
User Interaction: Active (the victim must click the disguised control)
Vulnerable System impact, Confidentiality / Integrity / Availability: High / High / High
Subsequent System impact, Confidentiality / Integrity / Availability: None / None / None
Safety (S): X, not defined. CVSS 4.0 has no Scope metric; the S field in the vector is the Safety supplemental metric, so a renderer that labels it "Scope" is mislabelling it.
All threat and environmental metrics are not defined (X), so 8.4 is the base score.

Lifecycle Timeline (6 events, newest first)

  • May 06, 2026 20:22 (vuln.today): re-analysis queued
  • May 06, 2026 20:22 (NVD): CVSS changed, now 8.4 (HIGH)
  • Apr 30, 2026 17:47 (vuln.today): source code evidence fetched
  • Apr 30, 2026 17:47 (vuln.today): analysis generated
  • Apr 30, 2026 17:30 (vuln.today): analysis generated
  • Apr 30, 2026 17:25 (NVD): CVE published, severity HIGH

Blast Radius

Ecosystem impact (transitive dependency graph; vuln.today resolves dependency paths up to 4 levels deep):
  • 1 npm package depends on @jupyterlab/help-extension (1 direct, 0 indirect)
  • 3,785 pypi packages depend on jupyterlab (892 direct, 2,967 indirect)
  • 2 pypi packages depend on notebook (2 direct, 0 indirect)

Counts are ecosystem-wide dependent counts for version 4.5.7 and the other versions listed as introduced.

Description (NVD)

Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook lets an attacker steal the authentication token of any user who opens a malicious notebook file and clicks a control that the attacker has made indistinguishable from a legitimate one (a single click is enough).

With the stolen token the attacker has the victim's full access to the Jupyter REST API, which amounts to complete account takeover; the attacker can:

  1. Read all files
  2. Modify/create files
  3. Access running kernels and execute arbitrary code
  4. Create terminals for shell access
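
The attack described above rides on command-linker markup embedded in a notebook, so the first triage question for a file from an untrusted source is whether it contains any. The scanner below is an added example and is not code from the advisory or the Jupyter projects. It assumes the command linker is triggered by HTML elements carrying the data-commandlinker-command and data-commandlinker-args attributes (the mechanism the linked "commands in markdown" documentation describes) and that such elements can appear in markdown cells or in text/html and text/markdown outputs; the sample notebook and its command ids are constructed for the demo.

```python
"""Find command-linker markup in .ipynb files before opening them in Jupyter.

Added example, not code from the advisory or the Jupyter projects. Assumes
JupyterLab's command linker is driven by data-commandlinker-command /
data-commandlinker-args attributes in rendered HTML. SAMPLE_NOTEBOOK is
constructed for the demo; its command ids are illustrative.
"""
from __future__ import annotations

import html
import json
import re
import sys
from typing import Any, Iterator

COMMAND_ATTR = re.compile(r'data-commandlinker-command\s*=\s*["\']([^"\']*)["\']', re.I)
ARGS_ATTR = re.compile(r'data-commandlinker-args\s*=\s*["\']([^"\']*)["\']', re.I)


def _as_text(source: Any) -> str:
    """nbformat stores sources and outputs as a string or a list of line strings."""
    return "".join(source) if isinstance(source, list) else str(source or "")


def _rendered_html(cell: dict) -> Iterator[tuple[str, str]]:
    """Yield (location, text) for every part of a cell that JupyterLab renders as HTML."""
    if cell.get("cell_type") == "markdown":
        yield "markdown", _as_text(cell.get("source"))
    elif cell.get("cell_type") == "code":
        for i, out in enumerate(cell.get("outputs", [])):
            data = out.get("data") or {}
            for mime in ("text/html", "text/markdown"):
                if mime in data:
                    yield f"output[{i}] {mime}", _as_text(data[mime])


def _enclosing_tag(text: str, pos: int) -> str:
    """The '<...>' tag containing position pos (best effort, no full HTML parse)."""
    start = text.rfind("<", 0, pos)
    end = text.find(">", pos)
    return text[max(start, 0): end + 1 if end >= 0 else len(text)]


def scan_notebook(nb: dict) -> list[dict]:
    """One finding per command-linker element, with the command id and decoded args."""
    findings: list[dict] = []
    for idx, cell in enumerate(nb.get("cells", [])):
        for where, text in _rendered_html(cell):
            for m in COMMAND_ATTR.finditer(text):
                tag = _enclosing_tag(text, m.start())
                am = ARGS_ATTR.search(tag)
                raw_args = html.unescape(am.group(1)) if am else ""
                try:
                    args: Any = json.loads(raw_args) if raw_args else None
                except json.JSONDecodeError:
                    args = raw_args
                command = html.unescape(m.group(1))
                findings.append({
                    "cell": idx, "where": where, "command": command, "args": args,
                    # The advisory's workaround disables the help extension, so
                    # commands from that namespace deserve the closest look.
                    "help_extension": command.startswith("help:"),
                })
    return findings


def scan_file(path: str) -> list[dict]:
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample: one benign-looking button in markdown, one link hidden in
# an HTML output whose args point at an attacker-chosen URL.
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "markdown", "source": ["# Report\n", "Plain text only.\n"]},
        {"cell_type": "markdown", "source": [
            '<button data-commandlinker-command="notebook:run-all-cells">Run all</button>\n']},
        {"cell_type": "code", "source": ["print('hi')"], "outputs": [
            {"output_type": "display_data", "data": {"text/html": [
                '<a data-commandlinker-command="help:open" ',
                'data-commandlinker-args="{&quot;url&quot;: &quot;https://example.invalid/&quot;}">Docs</a>']}}]},
    ]
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    for path in paths:
        for f in scan_file(path):
            print(f"{path}: cell {f['cell']} ({f['where']}): {f['command']} args={f['args']!r}")
    if not paths:
        for f in scan_notebook(SAMPLE_NOTEBOOK):
            print(f)
```

Run it as `python scan_ipynb.py suspicious.ipynb`; with no arguments it scans the constructed sample. Any hit is worth a look, but a hit from the `help:` namespace matters most here because disabling the help extension is the advisory's workaround. The scanner is a triage aid, not a sanitizer: it looks for the attribute names in rendered HTML and will not see markup produced dynamically by a kernel at run time.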

Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

Workarounds

Until the patch is deployed, the help extension can be disabled from the command line; run both commands so that the Notebook and the JupyterLab help extension are both disabled:

```bash
jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension
```

Hardening

The patched versions add a sanitizer setting that disables the command linker functionality altogether; the setting has no effect on unpatched versions. It can be set for all users of an installation via overrides.json:

```json
{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
```
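
The Patches, Workarounds and Hardening sections above give three things to verify on each host: the installed versions against the fixed ones, whether the help extensions are disabled, and whether the sanitizer override is in place. The script below is an added example and is not code from the advisory or the Jupyter projects. The fixed versions, extension names and settings key come from the advisory; the on-disk locations it reads (page_config.json under sys.prefix/etc/jupyter/labconfig, which `jupyter labextension disable` writes, and overrides.json under sys.prefix/share/jupyter/lab/settings) are assumptions based on JupyterLab's documented configuration layout and should be checked against your deployment.

```python
"""Audit a Jupyter install against CVE-2026-40171 and build the hardening override.

Added example, not code from the advisory or the Jupyter projects. Fixed
versions, extension names and the settings key come from the advisory; the
config paths under sys.prefix are assumptions (JupyterLab's documented layout).
"""
from __future__ import annotations

import json
import sys
from importlib import metadata
from pathlib import Path

PATCHED = {"notebook": "7.5.6", "jupyterlab": "4.5.7"}
HELP_EXTENSIONS = ("@jupyter-notebook/help-extension", "@jupyterlab/help-extension")
SANITIZER_KEY = "@jupyterlab/apputils-extension:sanitizer"


def parse_version(v: str) -> tuple[int, int, int, int]:
    """Map 'MAJOR.MINOR.PATCH[tag]' to a comparable tuple.

    Minimal PEP 440 handling: a non-numeric tail (rc1, a1, .dev0) marks a
    pre-release, which sorts below the final release of the same number, so
    '7.5.6rc1' is still reported as vulnerable.
    """
    nums: list[int] = []
    prerelease = False
    for comp in v.split("."):
        head = ""
        for ch in comp:
            if not ch.isdigit():
                break
            head += ch
        if head:
            nums.append(int(head))
        if head != comp:
            prerelease = True
            break
    nums = nums[:3] + [0] * (3 - len(nums[:3]))
    return (nums[0], nums[1], nums[2], -1 if prerelease else 0)


def is_patched(package: str, version: str) -> bool:
    return parse_version(version) >= parse_version(PATCHED[package])


def installed_versions() -> dict[str, str | None]:
    """Versions of the two distributions in this environment (None if absent)."""
    out: dict[str, str | None] = {}
    for pkg in PATCHED:
        try:
            out[pkg] = metadata.version(pkg)
        except metadata.PackageNotFoundError:
            out[pkg] = None
    return out


def help_extensions_disabled(page_config: dict) -> bool:
    """True when both help extensions are marked disabled in page_config.json.

    Assumed format: `jupyter labextension disable` records {"<name>": true};
    a plain list of names is accepted as well.
    """
    disabled = page_config.get("disabledExtensions", {})
    if isinstance(disabled, list):
        disabled = {name: True for name in disabled}
    return all(disabled.get(name) is True for name in HELP_EXTENSIONS)


def command_linker_disabled(overrides: dict) -> bool:
    return overrides.get(SANITIZER_KEY, {}).get("allowCommandLinker") is False


def with_command_linker_disabled(overrides: dict) -> dict:
    """Copy of overrides.json content with the sanitizer toggle set; other keys are kept."""
    merged = json.loads(json.dumps(overrides))
    merged.setdefault(SANITIZER_KEY, {})["allowCommandLinker"] = False
    return merged


def audit(versions: dict[str, str | None], page_config: dict, overrides: dict) -> list[str]:
    """Findings for one environment; an empty list means patched and hardened."""
    present = {p: v for p, v in versions.items() if v}
    if not present:
        return ["neither notebook nor jupyterlab is installed in this environment"]
    findings: list[str] = []
    vulnerable = [p for p, v in present.items() if not is_patched(p, v)]
    for pkg in vulnerable:
        findings.append(f"{pkg} {present[pkg]} is vulnerable; upgrade to >= {PATCHED[pkg]}")
    if vulnerable and not help_extensions_disabled(page_config):
        findings.append("workaround not applied: help extensions are still enabled")
    # The toggle only exists in the patched versions, so it is checked once the upgrade is done.
    if not vulnerable and not command_linker_disabled(overrides):
        findings.append(f"hardening not applied: {SANITIZER_KEY}.allowCommandLinker is not false")
    return findings


def _load_json(path: Path) -> dict:
    return json.loads(path.read_text()) if path.is_file() else {}


if __name__ == "__main__":
    prefix = Path(sys.prefix)  # assumed config root; adjust for a custom JUPYTER_CONFIG_DIR
    page_config = _load_json(prefix / "etc" / "jupyter" / "labconfig" / "page_config.json")
    overrides = _load_json(prefix / "share" / "jupyter" / "lab" / "settings" / "overrides.json")
    for line in audit(installed_versions(), page_config, overrides) or ["OK: patched and hardened"]:
        print(line)
    print("overrides.json with the toggle applied:")
    print(json.dumps(with_command_linker_disabled(overrides), indent=2))
```

Run it inside the environment that serves Jupyter, since `importlib.metadata` and `sys.prefix` describe the interpreter it runs under; a virtualenv or conda environment other than the one that starts the server will audit the wrong install. The printed overrides.json is the existing file with the toggle merged in, so it can be written back without losing other settings.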

Resources

  • https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team

Analysis (AI)

Stored XSS in Jupyter Notebook's CommandLinker feature enables authentication token theft through malicious notebook files, leading to complete account takeover. An attacker crafts a notebook containing a disguised control; a single click by the victim triggers the command linker, which leaks the victim's token, and with that token the attacker drives the Jupyter REST API to read and modify files, execute code on running kernels and open terminals. …

Remediation (AI)

Within 24 hours: inventory all Jupyter Notebook and JupyterLab deployments across the organization and stop opening notebook files from untrusted sources until patching is complete. Within 7 days: deploy Jupyter Notebook 7.5.6 or JupyterLab 4.5.7 to all affected systems and verify that no notebooks from external sources have been opened since the vulnerability was disclosed; where they have, treat the affected users' tokens as compromised. …