CVE-2026-40934 vulnerabilities

Vulnerabilities for packages: datahub-ingestion-fips, datahub-ingestion...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +367 more potentially affected by CVE-2026-40934 via jupyter-server (>=0.0.5 <=2.17.0)

jupyter-server PYPI version =0.0.5, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-40934 Source advisory: OSV:PYSEC-2026-69...

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +367 more potentially affected by CVE-2026-40934 via jupyter-server (>=0.0.5 <=2.17.0)

jupyter-server PYPI version =0.0.5, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-40934 Source advisory: OSV:GHSA-5MRQ-X3X5-8V8F...