{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/jupyterlab-git-pip--0.30.0b3--0.54.0a1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jupyterlab-git (pip \u003e= 0.30.0b3, \u003c 0.54.0a1)","jupyterlab-git-core (pip \u003e= 0.30.0b3, \u003c 0.54.0a1)","@jupyterlab/git (npm \u003e= 0.30.0b3, \u003c 0.54.0-a1)"],"_cs_severities":["high"],"_cs_tags":["xss","rce","jupyterlab","git","web-vulnerability","software-supply-chain","ghsa"],"_cs_type":"advisory","_cs_vendors":["Jupyter Project"],"content_html":"\u003cp\u003eAmazon Web Services (AWS) Security discovered CVE-2026-54527, a high-severity stored cross-site scripting (XSS) vulnerability within the \u003ccode\u003ejupyterlab-git\u003c/code\u003e JupyterLab extension (versions \u0026gt;= 0.30.0b3, \u0026lt; 0.54.0a1). This flaw specifically resides in the \u003ccode\u003ecreateHeader()\u003c/code\u003e method of the \u003ccode\u003ePlainTextDiff.ts\u003c/code\u003e component, which insecurely renders Git filenames directly to \u003ccode\u003einnerHTML\u003c/code\u003e without sanitization when displaying diffs for renamed files in commit history. Exploitation requires an adversary to have commit access to a shared Git repository; they craft a malicious filename (e.g., \u003ccode\u003e\u0026lt;img src=x onerror=eval(atob(\u0026quot;base64_payload\u0026quot;))\u0026gt;.py\u003c/code\u003e), rename it in a subsequent commit, and push it. When a victim views the rename diff of this file in the Git History tab, the injected JavaScript executes in their browser, reading the \u003ccode\u003e_xsrf\u003c/code\u003e cookie, opening a JupyterLab terminal via \u003ccode\u003ePOST /api/terminals\u003c/code\u003e, and subsequently executing arbitrary shell commands to achieve full Remote Code Execution (RCE). This allows attackers to exfiltrate secrets, credentials, and sensitive data from the victim's JupyterLab environment. The vulnerability impacts organizations utilizing JupyterLab with the vulnerable \u003ccode\u003ejupyterlab-git\u003c/code\u003e extension installed, potentially leading to widespread compromise of development and data science environments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn adversary with commit access to a shared Git repository crafts a file with a malicious filename containing a JavaScript payload (e.g., \u003ccode\u003e\u0026lt;img src=x onerror=eval(atob(\u0026quot;base64_payload\u0026quot;))\u0026gt;.py\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe adversary performs a Git commit, renaming the crafted file, and pushes both the file creation and rename commits to the shared Git repository.\u003c/li\u003e\n\u003cli\u003eA victim user clones or pulls the repository into their JupyterLab environment.\u003c/li\u003e\n\u003cli\u003eThe victim navigates to the Git History tab within JupyterLab, clicks the commit containing the rename, and then clicks the renamed malicious file to view its diff.\u003c/li\u003e\n\u003cli\u003eJupyterLab's \u003ccode\u003ePlainTextDiff.ts\u003c/code\u003e component, specifically the \u003ccode\u003ecreateHeader()\u003c/code\u003e method, renders the unsanitized malicious filename directly into the Document Object Model (DOM) via \u003ccode\u003einnerHTML\u003c/code\u003e, executing the embedded JavaScript payload in the victim's browser session.\u003c/li\u003e\n\u003cli\u003eThe executed JavaScript reads the victim's \u003ccode\u003e_xsrf\u003c/code\u003e cookie, constructs and sends a \u003ccode\u003ePOST\u003c/code\u003e request to the JupyterLab server's \u003ccode\u003e/api/terminals\u003c/code\u003e endpoint to open a new terminal session.\u003c/li\u003e\n\u003cli\u003eThe JavaScript establishes a WebSocket connection to the newly created terminal and sends arbitrary shell commands for execution on the underlying JupyterLab server.\u003c/li\u003e\n\u003cli\u003eThe shell commands execute with the privileges of the JupyterLab server process, leading to Remote Code Execution (RCE) and potential exfiltration of credentials or sensitive data from the victim's environment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-54527 leads to full Remote Code Execution (RCE) on the JupyterLab server where the victim's session is running. This grants an attacker unauthorized access to the victim's code, data, environment variables, and any credentials accessible from that environment. Attackers can leverage this RCE to exfiltrate sensitive information, install backdoors, move laterally within the network, or disrupt development and data science workflows. The attack vectors are widespread across any organization using JupyterLab with the vulnerable \u003ccode\u003ejupyterlab-git\u003c/code\u003e extension in a collaborative Git environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eImmediately patch the \u003ccode\u003ejupyterlab-git\u003c/code\u003e extension to a version equal to or greater than 0.54.0a1 to remediate CVE-2026-54527.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules \u0026quot;Detects CVE-2026-54527 Exploitation — JupyterLab Terminal Creation\u0026quot; and \u0026quot;Detects CVE-2026-54527 Exploitation — Suspicious JupyterLab Child Process\u0026quot; to your SIEM and tune them for your environment's baseline JupyterLab activity.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive \u003ccode\u003ewebserver\u003c/code\u003e logging for all JupyterLab instances to capture \u003ccode\u003ePOST\u003c/code\u003e requests to \u003ccode\u003e/api/terminals\u003c/code\u003e and other suspicious API endpoints, enabling the \u0026quot;Detects CVE-2026-54527 Exploitation — JupyterLab Terminal Creation\u0026quot; rule.\u003c/li\u003e\n\u003cli\u003eEnable \u003ccode\u003eprocess_creation\u003c/code\u003e logging on all servers hosting JupyterLab instances to monitor for unusual child processes spawned by JupyterLab or Python processes, enabling the \u0026quot;Detects CVE-2026-54527 Exploitation — Suspicious JupyterLab Child Process\u0026quot; rule.\u003c/li\u003e\n\u003c/ol\u003e\n","date_modified":"2026-06-19T20:01:30Z","date_published":"2026-06-19T20:01:30Z","id":"https://feed.craftedsignal.io/briefs/2026-06-jupyterlab-git-xss-rce/","summary":"A stored cross-site scripting (XSS) vulnerability, identified as CVE-2026-54527, in the `jupyterlab-git` JupyterLab extension (versions \u003e= 0.30.0b3, \u003c 0.54.0a1), specifically in `PlainTextDiff.ts`, allows an adversary with Git commit access to execute arbitrary JavaScript in a victim's browser and achieve Remote Code Execution (RCE) on the JupyterLab server by crafting a malicious filename in a Git commit that, when viewed as a rename diff, triggers the XSS payload to steal `_xsrf` cookies, open a terminal, and execute arbitrary shell commands to exfiltrate data.","title":"JupyterLab Git Extension Stored XSS to RCE (CVE-2026-54527)","url":"https://feed.craftedsignal.io/briefs/2026-06-jupyterlab-git-xss-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Jupyterlab-Git (Pip \u003e= 0.30.0b3, \u003c 0.54.0a1)","version":"https://jsonfeed.org/version/1.1"}