{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/jupyterlab--4.5.6/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jupyterlab (\u003c= 4.5.6)","notebook (\u003e= 7.0.0, \u003c= 7.5.5)"],"_cs_severities":["high"],"_cs_tags":["jupyterlab","command-execution","html-injection"],"_cs_type":"advisory","_cs_vendors":["GitHub"],"content_html":"\u003cp\u003eA vulnerability exists in JupyterLab and Notebook where specially crafted HTML embedded in a notebook or Markdown file can carry the \u003ccode\u003edata-commandlinker-command\u003c/code\u003e and \u003ccode\u003edata-commandlinker-args\u003c/code\u003e attributes, which the HTML sanitizer fails to strip. When a user opens the malicious notebook or Markdown file and clicks a deceptively crafted button, JupyterLab's \u003ccode\u003eCommandLinker\u003c/code\u003e executes the named command with the attacker-supplied arguments, with no further user interaction and without the victim running any code. This can lead to arbitrary code execution, file deletion, or denial of service. The vulnerability affects JupyterLab versions 4.5.6 and earlier, as well as Notebook versions 7.0.0 through 7.5.5. A patch is available in JupyterLab 4.5.7. The vulnerability poses a significant risk because a single click by the user is enough to initiate malicious actions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious notebook or Markdown file that contains raw HTML, either in Markdown source or as a \u003ccode\u003etext/html\u003c/code\u003e cell output.\u003c/li\u003e\n\u003cli\u003eThe HTML includes a \u003ccode\u003e\u0026lt;button\u0026gt;\u003c/code\u003e element whose \u003ccode\u003edata-commandlinker-command\u003c/code\u003e and \u003ccode\u003edata-commandlinker-args\u003c/code\u003e attributes name the command and arguments the attacker wants executed.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious file via email, GitHub, or a Binder link.\u003c/li\u003e\n\u003cli\u003eVictim opens the file in JupyterLab or Notebook.\u003c/li\u003e\n\u003cli\u003eThe malicious HTML is rendered by the viewer, displaying a deceptive button visually indistinguishable from legitimate widgets.\u003c/li\u003e\n\u003cli\u003eThe victim clicks the button.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCommandLinker\u003c/code\u003e, which listens for click events on \u003ccode\u003edocument.body\u003c/code\u003e, receives the click and reads the attributes from the clicked element.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eCommandLinker\u003c/code\u003e executes the command named in \u003ccode\u003edata-commandlinker-command\u003c/code\u003e with the arguments from \u003ccode\u003edata-commandlinker-args\u003c/code\u003e, leading to arbitrary code execution, file deletion, or other malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation can lead to arbitrary code execution within the context of the JupyterLab server. This could allow an attacker to delete files, potentially causing unrecoverable data loss. In multi-tenant environments, this could lead to denial of service by exhausting server resources. In certain browser configurations (Chromium-based), attackers can potentially gain full terminal access via multi-click attacks combined with clipboard access. The affected products are JupyterLab versions up to 4.5.6 and Notebook versions 7.0.0 through 7.5.5.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to JupyterLab version 4.5.7 or later, which patches CVE-2026-42557. Notebook 7.0.0 through 7.5.5 is affected as well, but no fixed Notebook release is listed here; confirm one against the upstream advisory before relying on a Notebook upgrade alone.\u003c/li\u003e\n\u003cli\u003eFor downstream applications that embed JupyterLab, disable the \u003ccode\u003eCommandLinker\u003c/code\u003e during initialization as described in the advisory.\u003c/li\u003e\n\u003cli\u003eAs an additional hardening step, set \u003ccode\u003e\u0026quot;allowCommandLinker\u0026quot;: false\u003c/code\u003e in \u003ccode\u003eoverrides.json\u003c/code\u003e as described in the advisory.\u003c/li\u003e\n\u003cli\u003eTreat notebooks and Markdown files from untrusted sources as potentially malicious and educate users accordingly (T1204.002, User Execution: Malicious File).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T12:00:00Z","date_published":"2026-05-07T12:00:00Z","id":"/briefs/2026-05-jupyterlab-command-execution/","summary":"JupyterLab's HTML sanitizer lets crafted HTML in a notebook or Markdown file execute arbitrary JupyterLab commands, because the `data-commandlinker-command` and `data-commandlinker-args` attributes are not stripped.","title":"JupyterLab Command Execution via Crafted HTML Content","url":"https://feed.craftedsignal.io/briefs/2026-05-jupyterlab-command-execution/"}],"language":"en","title":"CraftedSignal Threat Feed — Jupyterlab (\u003c= 4.5.6)","version":"https://jsonfeed.org/version/1.1"}
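The following Python scanner is an added example for this brief, not code from the JupyterLab or Notebook projects. It walks the Markdown cell sources and the `text/html` outputs of code cells in an `.ipynb`, reports every element carrying the `data-commandlinker-command` or `data-commandlinker-args` attributes described in the attack chain and recommendation above, and can strip those attributes from a file received from an untrusted source before it is opened on a client that has not reached JupyterLab 4.5.7. It assumes the standard nbformat 4 JSON layout; the embedded notebook is constructed sample input, `example:command` is a placeholder rather than a real JupyterLab command id, and the scanner flags the attributes on any element (the brief's example is a button, but the attribute is what reaches `CommandLinker`). Stripping is a stopgap for review, not a replacement for the upgrade or the `allowCommandLinker` setting.

```python
"""Scan a .ipynb for the CommandLinker attributes this advisory describes.

Added example for this brief, not JupyterLab or Notebook project code.
"""
import copy
import re
from html.parser import HTMLParser

LINKER_ATTRS = ("data-commandlinker-command", "data-commandlinker-args")


class _LinkerFinder(HTMLParser):
    """Collect every start tag that carries a CommandLinker attribute."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases attribute names, so DATA-COMMANDLINKER-... is caught as well.
        # Any element is flagged, not only <button>: the attribute is what reaches CommandLinker.
        found = {name: value for name, value in attrs if name in LINKER_ATTRS}
        if found:
            self.hits.append({"tag": tag, **found})


def find_commandlinker(html_text):
    """Return [{'tag': ..., 'data-commandlinker-command': ..., 'data-commandlinker-args': ...}, ...]."""
    finder = _LinkerFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


def _as_text(value):
    # nbformat stores sources and MIME data either as one string or as a list of lines.
    return "".join(value) if isinstance(value, list) else value


def scan_notebook(nb):
    """Report findings for every Markdown source and text/html output in an nbformat 4 dict."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") == "markdown":
            for hit in find_commandlinker(_as_text(cell.get("source", ""))):
                findings.append({"cell": idx, "where": "markdown", **hit})
        elif cell.get("cell_type") == "code":
            for out in cell.get("outputs", []):
                html = out.get("data", {}).get("text/html")
                if html is not None:
                    for hit in find_commandlinker(_as_text(html)):
                        findings.append({"cell": idx, "where": "output", **hit})
    return findings


# Matches either attribute with a double-quoted, single-quoted, unquoted or absent value.
_LINKER_ATTR_RE = re.compile(
    r"""\s+data-commandlinker-(?:command|args)(?=[\s=>/])(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?""",
    re.IGNORECASE,
)


def strip_commandlinker(html_text):
    """Remove the two attributes so a click on the element can no longer reach CommandLinker."""
    return _LINKER_ATTR_RE.sub("", html_text)


def scrub_notebook(nb):
    """Return a deep copy of nb with the attributes stripped from every scanned location."""
    clean = copy.deepcopy(nb)
    for cell in clean.get("cells", []):
        if cell.get("cell_type") == "markdown":
            cell["source"] = strip_commandlinker(_as_text(cell.get("source", "")))
        elif cell.get("cell_type") == "code":
            for out in cell.get("outputs", []):
                data = out.get("data", {})
                if "text/html" in data:
                    data["text/html"] = strip_commandlinker(_as_text(data["text/html"]))
    return clean


# Constructed sample notebook; "example:command" is a placeholder, not a real JupyterLab command id.
SAMPLE_NB = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {}, "source": [
            "# Quarterly report\n",
            '<button data-commandlinker-command="example:command" '
            "data-commandlinker-args='{\"path\": \"notes.txt\"}'>Show results</button>\n",
        ]},
        {"cell_type": "code", "execution_count": 1, "metadata": {}, "source": "report()",
         "outputs": [{"output_type": "display_data", "metadata": {}, "data": {
             "text/plain": "<IPython.core.display.HTML object>",
             "text/html": ['<p>Press <button DATA-COMMANDLINKER-COMMAND="example:command" '
                           'DATA-COMMANDLINKER-ARGS="{}">Continue</button> to proceed</p>'],
         }}]},
        {"cell_type": "markdown", "metadata": {}, "source": "Plain <b>bold</b> text, nothing to flag."},
    ],
}
```

To run it over a real file, `json.load` the `.ipynb` and pass the resulting dict to `scan_notebook`; each finding carries the cell index, whether it came from Markdown source or a cell output, the element's tag, and the command and argument strings the attacker placed in the attributes. `scrub_notebook` returns a copy with those attributes removed and leaves the original untouched; the regex handles double-quoted, single-quoted, unquoted and valueless attributes but, like any regex over HTML, is a review aid rather than a sanitizer to build a product on.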