Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
AnalysisAI
Stored XSS in JetBrains PyCharm's Jupyter notebook Markdown cell renderer allows a remote, unauthenticated attacker to execute arbitrary JavaScript in the context of a victim's PyCharm session by delivering a crafted notebook file. All PyCharm versions prior to 2025.3.4 are affected. The vulnerability carries no KEV listing and no public exploit has been identified at time of analysis, though the low attack complexity and lack of required privileges make opportunistic abuse via shared or repository-hosted notebooks plausible.
Technical ContextAI
PyCharm renders Jupyter notebook (.ipynb) files natively within its IDE environment, including Markdown cells that support HTML and JavaScript. CWE-79 (Improper Neutralization of Input During Web Page Generation - Cross-Site Scripting) indicates that user-controlled content in Markdown cells is not adequately sanitized before being rendered in PyCharm's embedded browser or notebook viewer. The CVSS Scope:Changed attribute confirms that malicious script execution can affect resources or contexts beyond the immediate PyCharm component - consistent with how stored XSS in notebook renderers can reach browser storage, local tokens, or cross-origin contexts depending on the runtime sandbox. The affected CPE is cpe:2.3:a:jetbrains:pycharm:*:*:*:*:*:*:*:*, covering all PyCharm editions (Community and Professional) prior to the patched release.
RemediationAI
Upgrade JetBrains PyCharm to version 2025.3.4 or later, which contains the vendor-released patch as confirmed by the JetBrains security advisory at https://www.jetbrains.com/privacy-security/issues-fixed/. No workaround version details beyond 2025.3.4 are provided in the source data. As a compensating control prior to patching, avoid opening Jupyter notebooks from untrusted sources - this eliminates the stored payload delivery vector. Teams using PyCharm in collaborative or CI-adjacent workflows should restrict which notebooks are auto-opened and enforce code review of .ipynb files in version control, as Markdown cell content is not typically audited for script injection. Disabling Jupyter notebook preview rendering within PyCharm (if togglable via settings) would mitigate exposure at the cost of losing in-IDE notebook visualization.
In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. Rated high se
In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible [CVSS 8.2 HIGH]
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible. Rated hig
GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ
JetBrains PyCharm before 2019.2 was allocating a buffer of unknown size for one of the connection processes. Rated high
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible. Rated low severit
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-33392
GHSA-94rv-v2wh-r9wx