Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AC:H because exploitation needs the non-default allow_origin_pat config plus an attacker-controlled lookalike domain; UI:R for the lured victim; PR:N since no server auth is needed and kernel access yields high C/I/A.
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match() for validating the Origin header, which only anchors at the start of the string. This allows attacker-controlled domains such as trusted.example.com.evil.com to pass validation against patterns intended to match trusted.example.com. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.
AnalysisAI
Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.
Technical ContextAI
Jupyter Server is the backend web/REST and WebSocket service that powers JupyterLab, Notebook 7, and many data-science IDEs, exposing kernels capable of executing arbitrary code. The flaw is a classic CWE-346 (Origin Validation Error): the affected versions validate the inbound Origin (and referer) header against the operator-supplied allow_origin_pat regular expression using Python's re.match(), which anchors the pattern at the start but not the end of the string. Without a trailing anchor ($) or fullmatch(), any value that merely begins with the intended host passes, so an attacker-owned suffix-extension domain is accepted. The provided CPE (cpe:2.3:a:jupyter:jupyter/jupyter) is generic; the concretely affected component is the jupyter-server package, and the bug recurs across several call sites - CORS response headers, WebSocket connection acceptance, referer validation, and login redirect handling.
RemediationAI
No vendor-released fixed version is identified in the provided data, and the description indicates all releases through 2.17.0 are vulnerable, so upgrade to the first jupyter-server release published after 2.17.0 once it is confirmed against the project's release notes and the huntr advisory (https://huntr.com/bounties/18f642db-3569-43b3-b58d-ff97be4b09d7); do not assume a version number not stated in the source data. As an immediate compensating control, stop relying on allow_origin_pat and instead use an exact allow_origin allowlist of full origins, which removes the vulnerable regex path entirely (trade-off: you lose wildcard/pattern flexibility and must enumerate each trusted origin). If a pattern is unavoidable, rewrite it to anchor the end of the host and escape the dots (for example ^https://trusted\.example\.com$) so suffix-extension domains are rejected (trade-off: legitimate subdomains must be listed explicitly). Additionally restrict network exposure of the server to trusted users or a VPN and keep token/password authentication enabled to limit the blast radius of any successful cross-origin request.
More in Jupyter Jupyter
View allSame weakness CWE-346 – Origin Validation Error
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: MediumShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34104
GHSA-v42x-x7jp-845h