CVE-2026-44727

Summary

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Affected Software

VendorProductVersion RangeStatus
jupyter-serverjupyter_server< 2.20affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-1021: CWE-1021: Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers

Additional References

References