Threat Feed

Vendor: Jupyter

5 briefs
critical advisory

Jupyter Server Stored XSS via Missing CSP Sandbox (CVE-2026-44727)

A critical stored Cross-Site Scripting (XSS) vulnerability, CVE-2026-44727, exists in `jupyter_server` versions up to 2.19.0 due to a missing `sandbox` directive in Content-Security-Policy (CSP) headers, allowing authenticated attackers to craft malicious notebooks that exfiltrate victim tokens and achieve kernel Remote Code Execution (RCE) when viewed.

jupyter_server xss web-vulnerability jupyter server-side rce
high advisory

JupyterHub Extension Manager API/GUI Policy Discrepancy Allows Malicious Extension Installation

JupyterLab versions prior to 4.5.7 do not correctly enforce the allow-list of extensions that may be installed from PyPI through the Extension Manager, allowing authenticated attackers to escalate privileges and potentially exfiltrate data, move laterally, and persistently compromise server infrastructure.

JupyterHub +2 jupyterlab privilege-escalation vulnerability extension-manager
high advisory

Jupyter Server Path Traversal Vulnerability

Jupyter Server version 2.17.0 and earlier contains a path traversal vulnerability caused by an insufficient check on the root directory: an authenticated user can access, read, write, and delete content outside the server's root directory in sibling directories whose names share the same prefix as the root directory, potentially leading to privilege escalation in multi-tenant environments.

Jupyter Server path-traversal privilege-escalation jupyter
high advisory

Jupyter Notebook Authentication Token Theft via CommandLinker XSS

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions up to 4.5.6 allows attackers to steal authentication tokens by tricking users into interacting with malicious notebook files, leading to complete account takeover via the Jupyter REST API.

@jupyter-notebook/help-extension +4 xss jupyter authentication account-takeover vulnerability
high advisory

Jupyter Server CORS Origin Validation Bypass via Regex

Jupyter Server versions 2.17.0 and earlier are vulnerable to a CORS origin validation bypass due to improper use of `re.match()` when validating the Origin header against the `allow_origin_pat` configuration. Because `re.match()` anchors only at the start of the string, a pattern intended to match a whole origin can also accept an origin that merely begins with it, allowing attackers to bypass CORS restrictions.

jupyter-server cors origin-validation regex web-application