Impact
The vulnerability arises from the use of Python's re.match() to validate the Origin request header against the allow_origin_pat setting in Jupyter Server. re.match() anchors only at the start of the string and succeeds as long as some prefix of the input satisfies the pattern, so a pattern written to match one trusted origin (e.g., https://trusted.example.com) also matches any origin that begins with that string and continues with further characters (e.g., https://trusted.example.com.evil.com). The result is a CORS origin validation bypass: an attacker who controls a domain that extends the trusted name can have a page on that domain make cross-origin requests to the Jupyter Server API, and the browser will let that page read the responses because the server treats the origin as allowed. Through the API the attacker can read or modify data and perform operations in the user's notebook environment, potentially compromising its confidentiality, integrity, and availability. The weakness is classified as CWE-777 (Regular Expression without Anchors).
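The following is an added illustration, not code from Jupyter Server: a minimal re-implementation of an Origin check driven by an allow_origin_pat style regex, showing why re.match() is bypassable, how re.fullmatch() closes the gap, and a small audit helper (hypothetical, not a Jupyter Server API) that reports whether a given pattern is prefix-bypassable. The pattern, origins and the simplified CORS response simulation are constructed for the example.

```python
import re

# Constructed example pattern: what an operator might set in allow_origin_pat
# intending to trust exactly one origin.
TRUSTED_PAT = r"https://trusted\.example\.com"

# Constructed sample origins: the legitimate origin, an attacker-controlled
# host that merely extends it, and a port variant of the trusted host.
LEGIT = "https://trusted.example.com"
BYPASS = "https://trusted.example.com.evil.com"
PORTED = "https://trusted.example.com:8443"


def allowed_with_match(pattern: str, origin: str) -> bool:
    """Vulnerable check: re.match() anchors only at the start of the string,
    so any origin that starts with a match is accepted."""
    return re.match(pattern, origin) is not None


def allowed_with_fullmatch(pattern: str, origin: str) -> bool:
    """Hardened check: re.fullmatch() requires the entire origin to match."""
    return re.fullmatch(pattern, origin) is not None


def prefix_bypass_possible(pattern: str, trusted_origin: str,
                           suffix: str = ".attacker.example") -> bool:
    """Audit helper (hypothetical): True if a pattern evaluated with re.match()
    accepts the trusted origin both as-is and with an arbitrary host suffix
    appended, i.e. the pattern lacks an end anchor and is bypassable."""
    return (re.match(pattern, trusted_origin) is not None
            and re.match(pattern, trusted_origin + suffix) is not None)


def simulate_cors(pattern: str, origin: str, check) -> dict:
    """Simplified model of the server's CORS decision: an allowed origin is
    echoed back in Access-Control-Allow-Origin, which is what lets the
    requesting page read the API response cross-origin."""
    if check(pattern, origin):
        return {"Access-Control-Allow-Origin": origin}
    return {}


if __name__ == "__main__":
    for name, origin in (("legit", LEGIT), ("bypass", BYPASS), ("port", PORTED)):
        print(f"{name:7} re.match={allowed_with_match(TRUSTED_PAT, origin)!s:5} "
              f"re.fullmatch={allowed_with_fullmatch(TRUSTED_PAT, origin)}")
    print("unanchored pattern bypassable:",
          prefix_bypass_possible(TRUSTED_PAT, LEGIT))
    print("end-anchored pattern bypassable:",
          prefix_bypass_possible(TRUSTED_PAT + "$", LEGIT))
```

Two points worth noting from the output. First, an explicit trailing `$` in the pattern also defeats the bypass under re.match(), so operators on an unfixed version can mitigate by anchoring their configured pattern. Second, once the check is a full match, a pattern that names only the host no longer accepts the same host on a non-default port; after upgrading, patterns must describe the complete origin (scheme, host and, where used, port) or legitimate clients will be rejected.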
Affected Systems
The defect is present in Jupyter Server 2.17.0 and earlier. Versions 2.18.0 and later contain the fix and are not affected. The flawed check is only evaluated when allow_origin_pat is configured, so deployments that do not set that option are not exposed through this path.
Risk and Exploitability
The CVSS score of 7.6 indicates high severity. An EPSS score is not yet available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is web-based: the attacker registers or controls a host whose name extends the trusted origin so that it passes the prefix check (for a pattern of https://trusted.example.com, a host such as trusted.example.com.evil.com under an attacker-owned evil.com), and lures a user of the Jupyter Server to a page on that host. Script on that page issues cross-origin requests to the Jupyter Server API; because the server accepts the origin, the browser allows the page to read the responses, so the attacker can read or modify data through the API as that user. Exploitation therefore requires control of a suitable domain, a victim who visits the attacker's page while able to reach the server, and an allow_origin_pat that is not anchored at the end of the origin.
OpenCVE Enrichment
GitHub GHSA