CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•8 views

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default...

9.3CVSS0.00239EPSS

CVE•added 4 days ago•20 views

CVE-2026-44727

Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...

9.3CVSS5.9AI score0.00239EPSS

Cvelist•added 4 days ago•19 views

CVE-2026-44727 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

9.3CVSS0.00239EPSS

OSV•added 2026/06/18 3:4 p.m.•15 views

GHSA-FCW5-X6J4-CCMP Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.3AI score0.00239EPSS

Github Security Blog•added 2026/06/18 3:4 p.m.•15 views

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

9.3CVSS5.3AI score0.00239EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/06/18 12:0 a.m.•13 views

PT-2026-50718

Name of the Vulnerable Software and Affected Versions jupyter-server versions prior to 2.20.0 Description The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy CSP, which is a security layer that helps...

9.3CVSS6AI score0.00239EPSS

Exploits0References6

OSV•added 2026/06/08 12:0 a.m.•5 views

OPENSUSE-SU-2026:10972-1 python311-jupyter-server-2.19.0-1.1 on GA media

These are all security issues fixed in the python311-jupyter-server-2.19.0-1.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS5.5AI score0.00437EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:10 p.m.•9 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.5AI score0.0054EPSS

Exploits2References1

RedhatCVE•added 2026/06/05 7:34 a.m.•11 views

CVE-2026-6657

A flaw was found in jupyter-server. A remote attacker can bypass Cross-Origin Resource Sharing CORS origin validation when the alloworiginpat configuration is used. This vulnerability allows malicious domains to pass validation against patterns intended for trusted domains. This could lead to...

6.1CVSS5.7AI score0.00134EPSS

Exploits0References4

SUSE CVE•added 2026/06/05 3:16 a.m.•10 views

SUSE CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6AI score0.00134EPSS

RedhatCVE•added 2026/06/04 12:39 p.m.•12 views

CVE-2026-40934

A flaw was found in Jupyter Server. The secret used to sign authentication cookies is not rotated when a user changes their password, allowing previously issued authentication cookies to remain valid. A remote attacker who has captured a session cookie can retain full authenticated access to the...

7.6CVSS5.8AI score0.00308EPSS

Exploits1References4

NVD•added 2026/06/03 4:16 p.m.•9 views

CVE-2026-6657

6.1CVSS0.00134EPSS

OSV•added 2026/06/03 4:16 p.m.•8 views

UBUNTU-CVE-2026-6657

6.1CVSS6.3AI score0.00134EPSS

Cvelist•added 2026/06/03 3:6 p.m.•42 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

6.1CVSS0.00134EPSS

Vulnrichment•added 2026/06/03 3:6 p.m.•10 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

6.1CVSS6AI score0.00134EPSS

vulnersOsv•added 2026/06/03 3:6 p.m.•6 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +360 more potentially affected by CVE-2026-6657 via jupyter-server (>=1.13.2 <=2.17.0)

jupyter-server PYPI version =1.13.2, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-6657 Source advisory: SNYK:PYTHON-JUPYTERSERVER-17220130...

6.1CVSS6.3AI score0.00134EPSS

Exploits0

EUVD•added 2026/06/03 3:6 p.m.•14 views

EUVD-2026-34104

6.1CVSS6.6AI score0.00134EPSS

ATTACKERKB•added 2026/06/03 3:6 p.m.•5 views

CVE-2026-6657

6.1CVSS6.6AI score0.00134EPSS

CVE•added 2026/06/03 3:6 p.m.•18 views

CVE-2026-6657

CVE-2026-6657 affects jupyter-server 1.12.0–2.17.0. Root cause: using re.match() to validate the Origin header in allow_origin_pat, causing attacker-controlled domains like trusted.example.com.evil.com to bypass CORS origin checks. Impact stated across CORS headers, WebSocket connections, referer...

6.1CVSS6.6AI score0.00134EPSS