Jupyter Server CORS Origin Validation Bypass via Regex

Jupyter Server, a web-based interactive development environment, is susceptible to a CORS (Cross-Origin Resource Sharing) bypass vulnerability. This flaw arises from the server’s reliance on the re.match() function in Python’s regular expression library for validating the Origin header against the configured allow_origin_pat. The re.match() function, unlike re.fullmatch(), only anchors the regex at the beginning of the string, not the end. Consequently, an attacker can craft a malicious domain, such as http://trusted.example.com.evil.com/, which will pass the regex validation if the allow_origin_pat is intended to match trusted.example.com. This vulnerability impacts Jupyter Server versions 2.17.0 and prior. The fix was implemented in pull request #603 and patched in commits 057869a327c46730afede3eab0ca2d2e3e74acea and 49b34392feaa97735b3b777e3baf8f22f2a14ed8. Successful exploitation allows an attacker to bypass CORS restrictions, potentially leading to unauthorized data access or actions on behalf of legitimate users.

Attack Chain

1. An attacker identifies a Jupyter Server instance running version 2.17.0 or earlier.
2. The attacker crafts a malicious website with a domain name designed to bypass the allow_origin_pat regex. For instance, if the intended origin is trusted.example.com, the attacker uses trusted.example.com.evil.com.
3. A victim user visits the attacker’s malicious website in their browser.
4. The malicious website sends a cross-origin HTTP request to the vulnerable Jupyter Server. The Origin header in the request is set to the attacker-controlled domain (trusted.example.com.evil.com).
5. The Jupyter Server receives the request and validates the Origin header against the allow_origin_pat configuration using re.match().
6. Due to the behavior of re.match(), the attacker’s origin passes the validation, as the regex only checks for a match at the beginning of the string.
7. The Jupyter Server processes the cross-origin request, effectively bypassing the intended CORS restrictions.
8. The attacker can then potentially perform unauthorized actions or access sensitive data within the Jupyter Server, as if the request originated from a trusted source.

Impact

Successful exploitation of this vulnerability allows attackers to bypass CORS restrictions on vulnerable Jupyter Server instances. This could lead to unauthorized access to sensitive data, modification of user settings, or execution of arbitrary code within the Jupyter environment, all performed under the guise of a legitimate user. The number of affected instances depends on the prevalence of vulnerable Jupyter Server versions and the use of misconfigured allow_origin_pat settings.

Recommendation

• Upgrade Jupyter Server to a version greater than 2.17.0, which includes the fix for CVE-2026-40110.
• As a workaround, wrap your allow_origin_pat configuration value with ^ and $ to ensure the regex matches the entire string, as suggested in the advisory.
• Monitor web server logs for requests with Origin headers matching the pattern trusted.example.com.* (adjusting the trusted.example.com to your actual configured pattern) to detect potential exploitation attempts. Implement this detection using the provided Sigma rule targeting webserver logs.