{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/notebook/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["@jupyter-notebook/help-extension","notebook","jupyterlab","@jupyterlab/help-extension","Jupyter Notebook"],"_cs_severities":["high"],"_cs_tags":["xss","jupyter","authentication","account-takeover","vulnerability"],"_cs_type":"advisory","_cs_vendors":["Jupyter","NVIDIA"],"content_html":"\u003cp\u003eA stored Cross-Site Scripting (XSS) vulnerability has been identified in Jupyter Notebook and JupyterLab, impacting versions 7.0.0 through 7.5.5 of Jupyter Notebook and versions up to 4.5.6 of JupyterLab. Discovered by Daniel Teixeira of the NVIDIA AI Red Team, this flaw allows an attacker to craft malicious notebook files containing XSS payloads embedded within the command linker functionality. When a user opens and interacts with these files, the injected script executes, potentially stealing the user\u0026rsquo;s authentication token. Successful exploitation grants the attacker full control over the user\u0026rsquo;s Jupyter account, enabling them to read, modify, and create files, execute arbitrary code via running kernels, and establish shell access through created terminals. This vulnerability poses a significant risk to data confidentiality, integrity, and system availability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious Jupyter Notebook file containing a stored XSS payload within the command linker functionality.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious notebook file to a target user (e.g., via email, shared repository, or compromised website).\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious notebook file in a vulnerable version of Jupyter Notebook or JupyterLab.\u003c/li\u003e\n\u003cli\u003eThe victim interacts with a seemingly legitimate control element within the notebook that is, in fact, part of the XSS payload.\u003c/li\u003e\n\u003cli\u003eThe injected XSS code executes in the victim\u0026rsquo;s browser, stealing their authentication token.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen authentication token to authenticate to the Jupyter REST API.\u003c/li\u003e\n\u003cli\u003eThe attacker gains complete control over the victim\u0026rsquo;s Jupyter account.\u003c/li\u003e\n\u003cli\u003eThe attacker performs malicious actions, such as reading files, modifying files, executing arbitrary code, or creating terminals for shell access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XSS vulnerability enables complete account takeover, allowing attackers to read, modify, and create files, access running kernels and execute arbitrary code, and create terminals for shell access within the victim\u0026rsquo;s Jupyter environment. This can lead to data exfiltration, code injection, and potential compromise of sensitive information stored within the Jupyter Notebook environment. Given the widespread use of Jupyter Notebook in data science, machine learning, and research environments, this vulnerability can have far-reaching consequences for individuals and organizations relying on these tools.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Jupyter Notebook to version 7.5.6 or later, and JupyterLab to version 4.5.7 or later to patch CVE-2026-40171.\u003c/li\u003e\n\u003cli\u003eApply the workaround to disable the help extension via CLI as specified in the advisory to mitigate the vulnerability until patching is possible.\u003c/li\u003e\n\u003cli\u003eImplement the hardening measure by disabling the command linker functionality via \u003ccode\u003eoverrides.json\u003c/code\u003e to prevent XSS attacks, referencing the configuration details in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Jupyter Notebook CommandLinker XSS Attempt\u0026rdquo; to detect potential exploitation attempts based on specific HTTP request characteristics.\u003c/li\u003e\n\u003cli\u003eEducate users about the risks of opening untrusted Jupyter Notebook files and interacting with potentially malicious content.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T17:25:47Z","date_published":"2026-04-30T17:25:47Z","id":"/briefs/2024-01-30-jupyter-xss/","summary":"A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions up to 4.5.6 allows attackers to steal authentication tokens by tricking users into interacting with malicious notebook files, leading to complete account takeover via the Jupyter REST API.","title":"Jupyter Notebook Authentication Token Theft via CommandLinker XSS","url":"https://feed.craftedsignal.io/briefs/2024-01-30-jupyter-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Notebook","version":"https://jsonfeed.org/version/1.1"}