Description
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click.

An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.
Published: 2026-05-06
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting vulnerability in the help command linker allows an attacker to embed malicious notebook content that, when viewed or interacted with by a user, steals the authentication token. Possession of the token gives the attacker full control over the Jupyter session through the REST API, enabling them to read or modify files, execute arbitrary code, and create terminal sessions. The weakness is a classic cross‑site scripting flaw (CWE‑79).

Affected Systems

The vulnerability affects Jupyter Notebook versions 7.0.0 through 7.5.5 and JupyterLab versions 4.5.6 and earlier. It also affects the @jupyter-notebook/help-extension package prior to 7.5.6 and the @jupyterlab/help-extension package prior to 4.5.7. All products listed are identified in the advisories for Jupyter Notebook and JupyterLab. If you are running any version within those ranges, you are at risk.

Risk and Exploitability

The CVSS score of 8.4 indicates a high‑severity flaw and the lack of an EPSS score does not diminish the documented attack path. The vulnerability can be exploited by placing a malicious notebook on the server, after which a user’s single click on a hidden link in the help section triggers token theft. The attacker then rolls the full functionality of the Jupyter REST API to maintain a persistent foothold. The vulnerability is not listed in the CISA KEV catalog; however, its impact is significant for any environment where Jupyter is used for data science or notebook collaboration.

Generated by OpenCVE AI on May 6, 2026 at 21:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Jupyter Notebook to version 7.5.6 or newer, JupyterLab to 4.5.7 or newer, @jupyter-notebook/help-extension to 7.5.6 or newer, and @jupyterlab/help-extension to 4.5.7 or newer. This patch removes the vulnerable help command linker functionality.
  • Disable the affected help extensions in the configuration if upgrading is not immediately possible, or set allowCommandLinker to false in the sanitizer configuration to block the malicious link execution. This is a safe temporary workaround until a patch is applied.
  • Restrict notebook file uploads so that only trusted users or networks can place notebooks on the server.

Generated by OpenCVE AI on May 6, 2026 at 21:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-rch3-82jr-f9w9 Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
History

Thu, 07 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter jupyterlab
Jupyter notebook
Jupyter-notebook
Jupyter-notebook help-extension
Jupyterlab
Jupyterlab help-extension
Vendors & Products Jupyter
Jupyter jupyterlab
Jupyter notebook
Jupyter-notebook
Jupyter-notebook help-extension
Jupyterlab
Jupyterlab help-extension

Thu, 07 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 19:45:00 +0000

Type Values Removed Values Added
Description In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click. An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.
Title Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 8.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Jupyter Jupyterlab Notebook
Jupyter-notebook Help-extension
Jupyterlab Help-extension
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-07T12:25:06.041Z

Reserved: 2026-04-09T19:31:56.015Z

Link: CVE-2026-40171

cve-icon Vulnrichment

Updated: 2026-05-07T12:24:19.818Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T20:16:31.857

Modified: 2026-05-07T15:07:32.390

Link: CVE-2026-40171

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T21:25:25Z

Weaknesses