EUVD-2026-33905

🗓️ 02 Jun 2026 09:11:15Reported by EUVDType

Path traversal in jupyter-server 2.17.0 enables access to sibling files via flawed root boundary check and unstripped path parts.

Reporter	Title	Published	Views	Family All 12
Huntr	Path Traversal via Incorrect startswith() Root Directory Check in jupyter-server Allows Access to Sibling Directories	25 Feb 202609:10	–	huntr
ATTACKERKB	CVE-2026-5422	2 Jun 202609:11	–	attackerkb
CVE	CVE-2026-5422	2 Jun 202609:11	–	cve
Cvelist	CVE-2026-5422 Path Traversal in jupyter/jupyter	2 Jun 202609:11	–	cvelist
Debian CVE	CVE-2026-5422	2 Jun 202609:11	–	debiancve
NVD	CVE-2026-5422	2 Jun 202610:16	–	nvd
OSV	DEBIAN-CVE-2026-5422	2 Jun 202610:16	–	osv
OSV	UBUNTU-CVE-2026-5422	3 Jun 202600:00	–	osv
Positive Technologies	PT-2026-45727	2 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5422	3 Jun 202612:20	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "aa5a5619-58f6-3f7d-8e72-1af5fa9a4330",
        "vendor": {
          "name": "jupyter"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "fe8dbb20-dc68-3b30-a16b-dff78aeabeb0",
        "product": {
          "name": "jupyter/jupyter",
          "vendor": {
            "name": "jupyter"
          }
        },
        "product_version": "unspecified ≤latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/24a36953-6490-466f-8cb2-a90d1ca56e0f

02 Jun 2026 12:14Current

6.7Medium risk

Vulners AI Score6.7

CVSS 36.8

EPSS0.00046

SSVC