Description
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories.

Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
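The advisory attributes the bug to a root-directory check based on a bare string prefix. The following added example (illustrative Python, not Jupyter Server's own code; the root path and request paths are constructed) contrasts that weak check with a component-aware one, showing why a sibling such as "testtest" passes the former and is rejected by the latter:

```python
import posixpath

# Constructed root directory for this illustration (not a real deployment path).
ROOT_DIR = "/srv/notebooks/test"


def _resolve(api_path: str, root_dir: str) -> str:
    """Join the already URL-decoded request path onto root_dir and normalise it.

    The boundary check must run on this normalised form, after any percent
    decoding, so that '..' components have been collapsed.
    """
    return posixpath.normpath(posixpath.join(root_dir, api_path))


def is_inside_root_naive(api_path: str, root_dir: str = ROOT_DIR) -> bool:
    """The weak pattern the advisory describes: a bare string-prefix test.

    Illustrative only, not Jupyter Server's code. '/srv/notebooks/testtest'
    starts with '/srv/notebooks/test', so a sibling sharing the prefix passes.
    """
    return _resolve(api_path, root_dir).startswith(root_dir)


def is_inside_root_hardened(api_path: str, root_dir: str = ROOT_DIR) -> bool:
    """Component-aware check: resolved path must be root_dir or a descendant.

    commonpath() compares whole path components, so 'test' and 'testtest'
    are distinct directories rather than one being a prefix of the other.
    """
    root = posixpath.normpath(root_dir)
    resolved = _resolve(api_path, root)
    try:
        return posixpath.commonpath([root, resolved]) == root
    except ValueError:  # mixing absolute and relative paths
        return False


# Constructed request paths: two inside root_dir, the root itself, one that
# climbs to a prefix-sharing sibling, and one that climbs to an unrelated one.
SAMPLE_PATHS = ["notebook.ipynb", "sub/data.csv", "", "../testtest/secret.txt", "../other/x"]


def compare_checks(paths=SAMPLE_PATHS):
    """Return {path: (naive_result, hardened_result)} for each sample path."""
    return {p: (is_inside_root_naive(p), is_inside_root_hardened(p)) for p in paths}


if __name__ == "__main__":
    for path, (naive, hardened) in compare_checks().items():
        print(f"{path!r:28} naive={naive!s:5} hardened={hardened}")
```

A production check should additionally resolve symlinks (for example with os.path.realpath) on both the root and the candidate path before the commonpath comparison, so a link inside the root cannot point outside it.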
Published: 2026-05-05
Score: 7.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in Jupyter Server’s REST API allows an authenticated user to escape the configured root directory and read, write, or delete files in sibling directories that share a name prefix with the root. The vulnerability is a classic example of CWE‑22, where insufficient validation of path components leads to unauthorized filesystem access. An attacker could craft requests to the /api/contents endpoint with encoded path elements to reach directories whose names begin with the root directory’s prefix, thereby compromising confidentiality, integrity, and availability for the affected directories.

Affected Systems

Jupyter Server (jupyter_server) versions 2.17.0 and earlier are affected. The publicly available fix was introduced in version 2.18.0. Multi‑tenant deployments using predictable naming schemes, such as "user1" vs. "user10–user19", are particularly vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 7.6, indicating a high impact if exploited. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Because the flaw requires an authenticated user, the attacker must first obtain legitimate access to the Jupyter Server instance. Once authenticated, the attacker can exploit the API to traverse into adjacent directories that share a name prefix, potentially exposing sensitive data or tampering with files that belong to other users. The attack vector is inferred to be through crafted API requests; additional details about the exact permission checks are not provided in the description.

Generated by OpenCVE AI on May 5, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Jupyter Server 2.18.0 or later to apply the vendor‑issued fix.
  • If upgrading is not immediately possible, rename any sibling directories so that their names do not share a common prefix with the configured root directory.
  • Implement an access‑control policy that limits authenticated users to only the directories they own and denies traversal outside the root directory.

Advisories

Source: GitHub GHSA
ID: GHSA-5789-5fc7-67v3
Title: Jupyter Server: Path Traversal via incorrect startswith() root directory check allows access to sibling directories

History

Tue, 05 May 2026 21:45:00 +0000

First Time appeared (added): Jupyter; Jupyter jupyter Server
Vendors & Products (added): Jupyter; Jupyter jupyter Server

Tue, 05 May 2026 20:00:00 +0000

Description (added): identical to the Description section above
Title (added): jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
Weaknesses (added): CWE-22
References (added): (empty)
Metrics (added): cvssV4_0, score 7.6, vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-05T19:37:33.810Z

Reserved: 2026-04-02T17:03:42.074Z

Link: CVE-2026-35397

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-05T20:16:38.223

Modified: 2026-05-05T20:16:38.223

Link: CVE-2026-35397

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T21:30:05Z

Weaknesses