Tag
high
advisory
JupyterHub Extension Manager API/GUI Policy Discrepancy Allows Malicious Extension Installation
2 rules 1 TTP
JupyterLab versions prior to 4.5.7 do not correctly enforce the allow-list of extensions that can be installed from the PyPI Extension Manager, allowing authenticated attackers to escalate privileges and potentially exfiltrate data, move laterally, and persistently compromise server infrastructure.
JupyterHub +2
jupyterlab
privilege-escalation
vulnerability
extension-manager
high
advisory
OAuthenticator Authentication Bypass Vulnerability (CVE-2026-33175)
2 rules 1 TTP
OAuthenticator versions prior to 17.4.0 contain an authentication bypass vulnerability (CVE-2026-33175) that allows an attacker with an unverified email address on an Auth0 tenant to log in to JupyterHub when email is used as the username claim, potentially leading to account takeover.
authentication-bypass
jupyterhub
oauthenticator
cve-2026-33175