CVE-2026-40171

EPSS 0.13%
Veröffentlicht 06.05.2026 19:36:32
Zuletzt bearbeitet 07.05.2026 15:07:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click.

An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerjupyter

≫

Produkt notebook

Version >=7.0.0, <= 7.5.5

Status affected

Herstellerjupyterlab

≫

Produkt help-extension

Version <=4.5.6

Status affected

Herstellerjupyterlab

≫

Produkt jupyterlab

Version <= 4.5.6

Status affected

Herstellerjupyter-notebook

≫

Produkt help-extension

Version >=7.0.0,<= 7.5.5

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.311

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.4	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9

https://nvd.nist.gov/vuln/detail/CVE-2026-40171

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40171

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40171

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40171