Skip to main content

Jupyter Server EUVDEUVD-2026-34104

| CVE-2026-6657 HIGH
Origin Validation Error (CWE-346)
2026-06-03 @huntr_ai GHSA-v42x-x7jp-845h
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

AC:H because exploitation needs the non-default allow_origin_pat config plus an attacker-controlled lookalike domain; UI:R for the lured victim; PR:N since no server auth is needed and kernel access yields high C/I/A.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jun 30, 2026 - 19:15 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 19:14 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 19:07 vuln.today
cvss_changed
Severity Changed
Jun 30, 2026 - 19:07 NVD
MEDIUM HIGH
CVSS changed
Jun 30, 2026 - 19:07 NVD
6.1 (MEDIUM) 8.8 (HIGH)
Analysis Generated
Jun 03, 2026 - 16:21 vuln.today

DescriptionNVD

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match() for validating the Origin header, which only anchors at the start of the string. This allows attacker-controlled domains such as trusted.example.com.evil.com to pass validation against patterns intended to match trusted.example.com. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

AnalysisAI

Origin validation bypass in Jupyter Server 1.12.0 through 2.17.0 lets remote attackers defeat CORS origin checks whenever the optional allow_origin_pat configuration is enabled. Because origin matching uses re.match() (anchored only at the start of the string), an attacker-controlled lookalike domain such as trusted.example.com.evil.com satisfies a pattern meant to allow only trusted.example.com, exposing CORS-protected responses, WebSocket kernels, referer checks, and login redirects. Publicly available exploit code exists via the huntr report, but EPSS is very low (0.02%) and SSVC rates exploitation as POC-only and not automatable, so there is no evidence of widespread active exploitation.

Technical ContextAI

Jupyter Server is the backend web/REST and WebSocket service that powers JupyterLab, Notebook 7, and many data-science IDEs, exposing kernels capable of executing arbitrary code. The flaw is a classic CWE-346 (Origin Validation Error): the affected versions validate the inbound Origin (and referer) header against the operator-supplied allow_origin_pat regular expression using Python's re.match(), which anchors the pattern at the start but not the end of the string. Without a trailing anchor ($) or fullmatch(), any value that merely begins with the intended host passes, so an attacker-owned suffix-extension domain is accepted. The provided CPE (cpe:2.3:a:jupyter:jupyter/jupyter) is generic; the concretely affected component is the jupyter-server package, and the bug recurs across several call sites - CORS response headers, WebSocket connection acceptance, referer validation, and login redirect handling.

RemediationAI

No vendor-released fixed version is identified in the provided data, and the description indicates all releases through 2.17.0 are vulnerable, so upgrade to the first jupyter-server release published after 2.17.0 once it is confirmed against the project's release notes and the huntr advisory (https://huntr.com/bounties/18f642db-3569-43b3-b58d-ff97be4b09d7); do not assume a version number not stated in the source data. As an immediate compensating control, stop relying on allow_origin_pat and instead use an exact allow_origin allowlist of full origins, which removes the vulnerable regex path entirely (trade-off: you lose wildcard/pattern flexibility and must enumerate each trusted origin). If a pattern is unavoidable, rewrite it to anchor the end of the host and escape the dots (for example ^https://trusted\.example\.com$) so suffix-extension domains are rejected (trade-off: legitimate subdomains must be listed explicitly). Additionally restrict network exposure of the server to trusted users or a VPN and keep token/password authentication enabled to limit the blast radius of any successful cross-origin request.

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2026-34104 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy