CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

PT-2026-36305

Name of the Vulnerable Software and Affected Versions Jupyter Notebook versions prior to 7.5.6 JupyterLab versions prior to 4.5.7 Description A stored Cross-Site Scripting XSS issue allows attackers to steal authentication tokens from users who open malicious notebook files and interact with...