Description
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.
Published: 2026-05-05
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the use of Python’s re.match() to validate the Origin header against the allow_origin_pat configuration in Jupyter Server. Because re.match() only anchors at the start of the string, a pattern intended to match a trusted domain (e.g., trusted.example.com) also matches any origin that begins with that domain and continues with additional characters (e.g., trusted.example.com.evil.com). This results in a CORS origin validation bypass, allowing an attacker controlling a domain that extends the trusted domain to make cross‑origin requests to the Jupyter Server API from an untrusted site. The attacker can therefore read or modify data and perform operations through the API, potentially compromising confidentiality, integrity, and availability of the user’s notebook environment. This weakness is identified as CWE-625 and CWE-777.
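The following example is added here to illustrate the prefix-match behaviour described above and the anchoring fix listed under the recommended actions; it is not code from Jupyter Server. The pattern value and the sample Origin header values are constructed for the demonstration.

```python
import re

# Constructed allow_origin_pat value, written the way an operator who wanted
# exactly one trusted host might write it: no end anchor.
ALLOW_ORIGIN_PAT = r"https://trusted\.example\.com"

# Constructed sample Origin header values for the comparison below.
SAMPLE_ORIGINS = [
    "https://trusted.example.com",            # the legitimate origin
    "https://trusted.example.com.evil.com",   # prefix extension named in the advisory
    "https://trusted.example.com:8888",       # same host, different port: also only a prefix match
    "https://evil.com/?x=https://trusted.example.com",  # trusted host not at the start
]


def allowed_by_match(pattern: str, origin: str) -> bool:
    """Unanchored check in the style of the vulnerable behaviour:
    re.match() anchors only at the start, so any origin that merely
    *begins* with the pattern is accepted."""
    return re.match(pattern, origin) is not None


def allowed_by_fullmatch(pattern: str, origin: str) -> bool:
    """Hardened check: the whole Origin value must match the pattern.
    re.fullmatch() is preferable to appending '$', because '$' also
    matches just before a trailing newline."""
    return re.fullmatch(pattern, origin) is not None


def compare(pattern: str, origins: list[str]) -> dict[str, tuple[bool, bool]]:
    """Return {origin: (re.match result, re.fullmatch result)} per sample."""
    return {o: (allowed_by_match(pattern, o), allowed_by_fullmatch(pattern, o))
            for o in origins}


if __name__ == "__main__":
    for origin, (loose, strict) in compare(ALLOW_ORIGIN_PAT, SAMPLE_ORIGINS).items():
        print(f"{origin:<50} match={loose!s:<5} fullmatch={strict}")
```

Only the legitimate origin passes the fullmatch check, while the unanchored check also accepts the two prefix extensions; the same effect is obtained with a `$`-anchored pattern, which is the configuration-side workaround.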

Affected Systems

The defect is present in Jupyter Server version 2.17.0 and earlier. Versions 2.18.0 and newer contain the fix and are not affected.

Risk and Exploitability

The CVSS score of 7.6 indicates high severity. The EPSS score is shown as less than 1% (approximately 0.00029), indicating a very low but nonzero likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web‑based: an attacker who controls a domain that satisfies the prefix condition can create malicious content that sends cross‑origin requests to the Jupyter Server API, bypassing the intended origin restriction. Successful exploitation requires the attacker to host a site under a domain that matches the trusted prefix in allow_origin_pat and to deliver traffic that invokes API calls to the server, enabling information disclosure or modification.

Generated by OpenCVE AI on May 19, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade jupyter_server to version 2.18.0 or later, which contains the regex anchor fix
  • Revise the allow_origin_pat configuration so that the pattern fully anchors the domain (e.g., include start ^ and end $ anchors or use literal match for the exact domain)
  • If an immediate upgrade is not possible, restrict incoming connections to the Jupyter Server via network firewalls or reverse proxies so that only trusted internal clients can reach the API


Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-24qx-w28j-9m6p
Title: Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
History

Tue, 19 May 2026 00:15:00 +0000

Weaknesses: added CWE-625
References: (changed)
Metrics threat_severity: removed None; added Important


Mon, 11 May 2026 15:15:00 +0000

CPEs: added cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:*
Metrics cvssV3_1: added {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N'}


Thu, 07 May 2026 13:15:00 +0000

Metrics ssvc: removed {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}; added {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 06 May 2026 17:15:00 +0000

Metrics ssvc: added {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 May 2026 09:15:00 +0000

First Time appeared: Jupyter; Jupyter jupyter Server
Vendors & Products: Jupyter; Jupyter jupyter Server

Tue, 05 May 2026 21:45:00 +0000

Description: added "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0."
Title: added "jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat"
Weaknesses: added CWE-777
References: (changed)
Metrics cvssV4_0: added {'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L'}


Subscriptions

Jupyter Jupyter Server
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-07T12:47:52.707Z

Reserved: 2026-04-09T01:41:38.536Z

Link: CVE-2026-40110

Vulnrichment

Updated: 2026-05-06T16:10:29.740Z

NVD

Status : Analyzed

Published: 2026-05-05T22:16:00.663

Modified: 2026-05-11T12:59:21.687

Link: CVE-2026-40110

Redhat

Severity : Important

Public Date: 2026-05-05T21:29:31Z

Links: CVE-2026-40110 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-19T02:00:14Z

Weaknesses