Description
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default.
Published: 2026-04-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read via Path Traversal
Action: Patch Immediately
AI Analysis

Impact

The vulnerability in Jupyter nbconvert allows an attacker to read any file on the host system when embedding images as base64 data URIs within a notebook. By setting HTMLExporter.embed_images=True, the markdown renderer processes image references that contain path traversal strings, causing the conversion tool to read the referenced file and encode it for inclusion in the output HTML. This results in exfiltration of sensitive data, an instance of CWE‑22 and CWE‑73.

Affected Systems

Pages that use the nbconvert tool from the Jupyter project, specifically versions 6.5 through 7.17.0. The flaw is tied to the configuration option HTMLExporter.embed_images, which is active only when explicitly enabled.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.5, indicating moderate severity, and is not flagged in CISA's Known Exploited Vulnerabilities catalog. The EPSS score is unavailable, so the current likelihood of exploitation is unknown, but the flaw requires a crafted notebook that the attacker can have converted on a host with access to the notebook. Because embed_images is not enabled by default, the attack vector relies on the attacker having control of the notebook conversion process.

Generated by OpenCVE AI on April 21, 2026 at 15:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update nbconvert to version 7.17.1 or later to apply the official fix.
  • If immediate upgrade is not possible, configure the exporter to keep HTMLExporter.embed_images disabled to prevent the path traversal read path.
  • Avoid converting notebooks from untrusted sources or restrict the execution environment so that the conversion process has no read access to sensitive files.

Generated by OpenCVE AI on April 21, 2026 at 15:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-7jqv-fw35-gmx9 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
History

Thu, 23 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jupyter:nbconvert:*:*:*:*:*:python:*:*

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter nbconvert
Vendors & Products Jupyter
Jupyter nbconvert

Tue, 21 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Description The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default.
Title nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
Weaknesses CWE-22
CWE-73
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Jupyter Nbconvert
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T13:43:29.081Z

Reserved: 2026-04-06T21:29:17.350Z

Link: CVE-2026-39378

cve-icon Vulnrichment

Updated: 2026-04-21T13:43:14.531Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T01:16:06.073

Modified: 2026-04-23T17:50:56.100

Link: CVE-2026-39378

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T00:17:00Z

Links: CVE-2026-39378 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T15:37:55Z

Weaknesses