{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/project-jupyter/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jupyterlab-git \u003c= 0.53.0"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","path-traversal","data-exfiltration","jupyterlab","python"],"_cs_type":"advisory","_cs_vendors":["Project Jupyter"],"content_html":"\u003cp\u003eA high-severity vulnerability, tracked as CVE-2026-54528, has been discovered in \u003ccode\u003ejupyterlab-git\u003c/code\u003e versions up to and including 0.53.0, a popular Git extension for JupyterLab environments. This flaw allows an authenticated user to bypass the \u003ccode\u003eexcluded_paths\u003c/code\u003e control that administrators use to restrict access to sensitive directories. The vulnerability stems from the extension's use of \u003ccode\u003efnmatch.fnmatchcase()\u003c/code\u003e to enforce \u003ccode\u003eexcluded_paths\u003c/code\u003e. Unlike \u003ccode\u003efnmatch.fnmatch()\u003c/code\u003e, which normalizes case according to the host operating system, \u003ccode\u003efnmatch.fnmatchcase()\u003c/code\u003e is unconditionally case-sensitive. On case-insensitive filesystems (such as NTFS on Windows or APFS on macOS, both case-insensitive by default) an attacker can therefore request a case-varied path segment (e.g., \u003ccode\u003e/project/Secrets\u003c/code\u003e instead of \u003ccode\u003e/project/secrets\u003c/code\u003e): the exclusion check does not match, but the filesystem resolves the request to the very directory the administrator forbade, granting unauthorized read access to Git repositories and file contents within it. 
This directly impacts data confidentiality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated user has valid access to a JupyterLab instance that runs a vulnerable version of \u003ccode\u003ejupyterlab-git\u003c/code\u003e (\u0026lt;=0.53.0) on a case-insensitive filesystem (Windows NTFS or macOS APFS).\u003c/li\u003e\n\u003cli\u003eAn administrator has configured \u003ccode\u003ec.JupyterLabGit.excluded_paths\u003c/code\u003e to deny access to sensitive directories (e.g., \u003ccode\u003e[\u0026quot;/project/secrets\u0026quot;, \u0026quot;/project/secrets/*\u0026quot;]\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a sensitive path that should be excluded (e.g., \u003ccode\u003e/project/secrets\u003c/code\u003e) and crafts an HTTP \u003ccode\u003ePOST\u003c/code\u003e request to a \u003ccode\u003ejupyterlab-git\u003c/code\u003e endpoint (e.g., \u003ccode\u003e/git/{path}/status\u003c/code\u003e) using a case-varied version of the path (e.g., \u003ccode\u003e/git/project/Secrets/status\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ejupyterlab-git\u003c/code\u003e backend, specifically \u003ccode\u003eGitHandler.prepare()\u003c/code\u003e, checks the crafted path against \u003ccode\u003eexcluded_paths\u003c/code\u003e using \u003ccode\u003efnmatch.fnmatchcase()\u003c/code\u003e. 
Due to the unconditional case-sensitivity of \u003ccode\u003efnmatch.fnmatchcase()\u003c/code\u003e, the path \u003ccode\u003e/project/Secrets\u003c/code\u003e does not match the configured \u003ccode\u003e/project/secrets\u003c/code\u003e, bypassing the exclusion check.\u003c/li\u003e\n\u003cli\u003eOn the case-insensitive filesystem, the \u003ccode\u003eurl2localpath()\u003c/code\u003e function resolves \u003ccode\u003e/project/Secrets\u003c/code\u003e to the same disk location as \u003ccode\u003e/project/secrets\u003c/code\u003e, allowing the request to proceed to the target directory.\u003c/li\u003e\n\u003cli\u003eThe attacker first confirms the bypass by sending a \u003ccode\u003ePOST\u003c/code\u003e request to an information-gathering endpoint like \u003ccode\u003e/git/project/Secrets/status\u003c/code\u003e, which returns a \u003ccode\u003e200 OK\u003c/code\u003e status instead of the expected \u003ccode\u003e404\u003c/code\u003e error.\u003c/li\u003e\n\u003cli\u003eWith confirmed access, the attacker sends a \u003ccode\u003ePOST\u003c/code\u003e request to the \u003ccode\u003e/git/project/Secrets/content\u003c/code\u003e endpoint, providing a filename (e.g., \u003ccode\u003e{\u0026quot;filename\u0026quot;: \u0026quot;./cred.txt\u0026quot;, \u0026quot;reference\u0026quot;: {\u0026quot;git\u0026quot;: \u0026quot;HEAD\u0026quot;}}\u003c/code\u003e), to exfiltrate the contents of sensitive files.\u003c/li\u003e\n\u003cli\u003eThe JupyterLab server returns the content of the sensitive file (e.g., \u003ccode\u003esk-PROD-a8f2x9q-LIVE-KEY\u003c/code\u003e), resulting in unauthorized data exposure.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-54528 leads to the unauthorized disclosure of sensitive information. 
An authenticated attacker can access Git history, working tree files, and status information for any directory that an administrator intended to exclude, provided the underlying filesystem is case-insensitive. This directly compromises the confidentiality of data stored in affected repositories, including credentials, proprietary code, or confidential documents. The observed impact demonstrates the exfiltration of a simulated API key from an excluded \u003ccode\u003esecrets\u003c/code\u003e directory. Organizations using \u003ccode\u003ejupyterlab-git\u003c/code\u003e on Windows or macOS systems are at risk, with the potential for widespread data breaches if critical information is stored in such Git-managed directories.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cp\u003ePrioritize patching and detection to mitigate CVE-2026-54528.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade \u003ccode\u003ejupyterlab-git\u003c/code\u003e to a version greater than 0.53.0 to apply the fix for CVE-2026-54528.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules \u0026quot;Detects CVE-2026-54528 Exploitation - JupyterLab-Git Status Bypass\u0026quot; and \u0026quot;Detects CVE-2026-54528 Exploitation - JupyterLab-Git Content Exfiltration Bypass\u0026quot; to your SIEM solution to detect attempts to bypass \u003ccode\u003eexcluded_paths\u003c/code\u003e via case-varied URLs.\u003c/li\u003e\n\u003cli\u003eEnsure detailed \u003ccode\u003ewebserver\u003c/code\u003e logging is enabled for all JupyterLab instances to capture HTTP \u003ccode\u003ePOST\u003c/code\u003e requests, URI stems, and status codes for analysis.\u003c/li\u003e\n\u003cli\u003eReview web server logs for \u003ccode\u003ePOST\u003c/code\u003e requests to \u003ccode\u003e/git/*/status\u003c/code\u003e and \u003ccode\u003e/git/*/content\u003c/code\u003e endpoints returning \u003ccode\u003e200 OK\u003c/code\u003e where paths contain common sensitive 
keywords (e.g., \u003ccode\u003esecrets\u003c/code\u003e, \u003ccode\u003econfig\u003c/code\u003e) with mixed casing, cross-referencing with your \u003ccode\u003eexcluded_paths\u003c/code\u003e configuration.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-19T19:59:42Z","date_published":"2026-06-19T19:59:42Z","id":"https://feed.craftedsignal.io/briefs/2026-06-jupyterlab-git-exclusion-bypass/","summary":"An authenticated user can bypass the admin-configured `excluded_paths` security control in `jupyterlab-git` versions up to 0.53.0 by exploiting a case-sensitivity flaw on case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), allowing unauthorized read access to git history and file content in explicitly excluded directories.","title":"JupyterLab-Git excluded_paths Case-Sensitivity Bypass (CVE-2026-54528)","url":"https://feed.craftedsignal.io/briefs/2026-06-jupyterlab-git-exclusion-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Project Jupyter","version":"https://jsonfeed.org/version/1.1"}
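The mechanism and the log review described in the brief above, as an added example that is not part of this feed item and is not jupyterlab-git's own code: a Python check that reproduces the fnmatchcase() behaviour the brief describes, a hardened variant that folds case when the filesystem does, a runtime probe for filesystem case-insensitivity, and a scan of constructed access-log lines for case-varied requests to excluded paths. The function names, the EXCLUDED patterns and the log lines are illustrative assumptions. One caveat the brief leaves implicit: fnmatch.fnmatch() only folds case on Windows (it relies on os.path.normcase(), which is the identity on POSIX), so on macOS a fix must fold case explicitly rather than just swapping fnmatchcase() for fnmatch().

```python
"""Case-variation bypass of a glob-based exclusion list, and a hardened check.

Added example for this brief; not code from jupyterlab-git or from the feed. The
function names, the EXCLUDED list and the SAMPLE_LOG lines are invented for
illustration. is_excluded_vulnerable() reproduces the fnmatchcase() behaviour the
advisory describes; is_excluded_hardened() folds case when the filesystem does.
"""
import fnmatch
import os
import posixpath
import re
import tempfile
from typing import Iterable, List, Optional, Tuple

# Administrator intent (constructed): nothing under /project/secrets is reachable.
EXCLUDED = ["/project/secrets", "/project/secrets/*"]


def is_excluded_vulnerable(path: str, excluded: Iterable[str]) -> bool:
    """Exclusion check as the advisory describes it for jupyterlab-git <= 0.53.0.
    fnmatchcase() never folds case, so '/project/Secrets' is not caught by a
    '/project/secrets' pattern even though APFS/NTFS open the same directory."""
    return any(fnmatch.fnmatchcase(path, pat) for pat in excluded)


def fs_is_case_insensitive(directory: Optional[str] = None) -> bool:
    """Probe whether `directory` (default: the temp dir) is case-insensitive by
    creating a file and checking whether its case-swapped name also exists.
    Probing beats guessing from the platform: APFS and NTFS can be formatted
    either way, and os.path.normcase() (what fnmatch.fnmatch() relies on) only
    folds case on Windows, so fnmatch.fnmatch() alone would not fix macOS."""
    fd, probe = tempfile.mkstemp(prefix="cAsEpRoBe", dir=directory)
    try:
        os.close(fd)
        head, tail = os.path.split(probe)
        return os.path.exists(os.path.join(head, tail.swapcase()))
    finally:
        os.unlink(probe)


def is_excluded_hardened(path: str, excluded: Iterable[str], case_insensitive_fs: bool) -> bool:
    """Same glob check, but it compares what the filesystem will actually see:
    the path is normalised (collapsing '//', '/./' and '..') and, when the
    filesystem ignores case, both sides are case-folded before matching."""
    norm = posixpath.normpath("/" + path.lstrip("/"))
    patterns = list(excluded)
    if case_insensitive_fs:
        norm = norm.casefold()
        patterns = [p.casefold() for p in patterns]
    return any(fnmatch.fnmatchcase(norm, pat) for pat in patterns)


# Constructed access-log lines in common log format; not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - alice [19/Jun/2026:19:59:42 +0000] "POST /git/project/Secrets/status HTTP/1.1" 200 512',
    '10.0.0.5 - alice [19/Jun/2026:19:59:43 +0000] "POST /git/project/Secrets/content HTTP/1.1" 200 2048',
    '10.0.0.7 - bob [19/Jun/2026:20:01:10 +0000] "POST /git/project/notebooks/status HTTP/1.1" 200 640',
    '10.0.0.9 - carol [19/Jun/2026:20:02:00 +0000] "POST /git/project/secrets/status HTTP/1.1" 404 120',
]

LOG_RE = re.compile(
    r'"POST /git/(?P<repo>.+?)/(?P<op>status|content) HTTP/1\.[01]" (?P<code>\d{3})'
)


def find_suspicious_requests(lines: Iterable[str], excluded: Iterable[str]) -> List[Tuple[str, str]]:
    """Log review from the brief's recommendation: flag successful POSTs to
    /git/<path>/status or /content whose <path> escapes the exact-case check
    but is excluded once case is folded. That combination is the signature of
    a case-variation bypass; ordinary traffic to non-excluded repos is ignored,
    as are denied (non-200) requests."""
    hits = []
    patterns = list(excluded)
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("code") != "200":
            continue
        repo = "/" + m.group("repo")
        if not is_excluded_vulnerable(repo, patterns) and is_excluded_hardened(repo, patterns, True):
            hits.append((repo, m.group("op")))
    return hits


if __name__ == "__main__":
    print("vulnerable check, /project/Secrets:", is_excluded_vulnerable("/project/Secrets", EXCLUDED))
    print("hardened check,   /project/Secrets:", is_excluded_hardened("/project/Secrets", EXCLUDED, fs_is_case_insensitive()))
    for repo, op in find_suspicious_requests(SAMPLE_LOG, EXCLUDED):
        print(f"suspicious: {op} on {repo}")
```

Run it directly to see the vulnerable check let `/project/Secrets` through while the hardened check, fed the probe's answer for the local filesystem, denies it wherever the filesystem would open the forbidden directory (on a case-sensitive filesystem `/project/Secrets` really is a different directory, and the hardened check correctly leaves it alone). The log scan deliberately keys on the gap between the two checks rather than on a keyword list: a request whose path is excluded only after case folding, yet got a 200, is exactly the traffic the brief's Sigma rules are meant to surface, and cross-referencing against the real `excluded_paths` configuration avoids flagging unrelated mixed-case repository names.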