Description
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.
Published: 2026-04-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Write via Path Traversal
Action: Apply Patch
AI Analysis

Impact

The vulnerability lies in the ExtractAttachmentsPreprocessor of nbconvert, which accepts cell attachment filenames without sanitization. Attackers can craft notebook files containing specially constructed filenames that include directory traversal sequences, thereby instructing nbconvert to write files outside the intended output directory. This results in arbitrary file writes, including overwriting sensitive system files or creating executables. The flaw is a classic path traversal and insecure file write weakness.

Affected Systems

The issue affects all releases of the jupyter:nbconvert package from version 6.5 up through 7.17.0. Versions 7.17.1 and later incorporate a fix. Users running the affected ranges should verify their installed nbconvert version and ensure it is upgraded to 7.17.1 or a newer release.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the delivery of a malicious notebook to a system that automatically processes it with nbconvert, such as a CI/CD pipeline, a shared analysis platform, or an automated conversion service. If the nbconvert process runs with elevated permissions, the attacker could potentially overwrite critical files or deploy malware. Administrators should consider the operating context and process privileges when assessing impact.

Generated by OpenCVE AI on April 21, 2026 at 15:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade jupyter nbconvert to version 7.17.1 or later, which patches the path traversal flaw.
  • Restrict the file system permissions of the user account running nbconvert so that it cannot write outside the intended directory.
  • Validate or sanitize attachment filenames before processing or disable attachment extraction for untrusted notebooks.

Generated by OpenCVE AI on April 21, 2026 at 15:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4c99-qj7h-p3vg nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
History

Thu, 23 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jupyter:nbconvert:*:*:*:*:*:python:*:*

Wed, 22 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter nbconvert
Vendors & Products Jupyter
Jupyter nbconvert

Tue, 21 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.
Title nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames
Weaknesses CWE-22
CWE-73
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}

Subscriptions

Jupyter Nbconvert
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T19:49:24.475Z

Reserved: 2026-04-06T21:29:17.350Z

Link: CVE-2026-39377

cve-icon Vulnrichment

Updated: 2026-04-21T16:01:26.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T01:16:05.937

Modified: 2026-04-23T17:51:26.430

Link: CVE-2026-39377

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T00:14:59Z

Links: CVE-2026-39377 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T15:37:55Z

Weaknesses