Description
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection (updated in 4.1.0) inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attackers could trigger server spawn (but not access the server) and if the attacker is a JupyterHub user permitted to share access to their server, cause a user to accept a share and have access to the attacker's server. This issue has been fixed in version 5.4.5. If developers are unable to immediately upgrade, they can temporarily mitigate this issue by dropping requests to JupyterHub with Sec-Fetch-Mode: no-cors if they are using a reverse proxy.
Published: 2026-05-22
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JupyterHub, the multi-user platform for Jupyter notebooks, improperly treats HTTP form POST requests that carry the header Sec-Fetch-Mode: no-cors as same-origin, so the framework skips XSRF validation for them. The flaw affects only the HTTP form endpoints, not the JSON API. As a consequence, a cross-origin form POST to /hub/spawn can trigger a server spawn for the victim (without giving the attacker access to that server), and, if the attacker is a JupyterHub user permitted to share their own server, a POST to /hub/accept-share can make the victim accept a share and thereby gain access to the attacker's server. The vulnerability is a classic XSRF weakness, identified as CWE-352.

Affected Systems

All JupyterHub installations running versions 4.1.0 through 5.4.4 are affected. The vendor product is JupyterHub, the software used to run shared notebook servers. Production deployments that have not been upgraded to 5.4.5 remain vulnerable. No specific third-party distributions are mentioned, and no additional product variants are identified.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L: reachable over the network with low complexity and no privileges, but requiring user interaction). Because the attack relies on a cross-origin form POST, the attack vector is a browser-based request that the victim's browser executes on the attacker's behalf. The EPSS score is not available, so current exploitation likelihood cannot be quantified, but the defect is in a widely used open-source project and a public GitHub advisory (GHSA-m68r-v472-jgq9) covers it. The flaw is not listed in the CISA KEV catalog. Successful exploitation lets an attacker trigger a server spawn for the victim or, if the attacker can share their own server, make the victim accept a share and gain access to the attacker's server; the CVSS vector records low integrity and availability impact and no confidentiality impact.

Generated by OpenCVE AI on May 22, 2026 at 21:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade installed JupyterHub to version 5.4.5 or newer, which contains a fix that correctly applies XSRF checks irrespective of the Sec-Fetch-Mode header.
  • If an upgrade cannot be performed immediately, configure any inbound reverse proxy to strip or reject requests that contain the Sec-Fetch-Mode: no-cors header so that only genuine same-origin requests reach JupyterHub.
  • For existing installations, limit form POSTs to trusted origins by adding a custom Origin or Referer check, and consider disabling the /hub/spawn and /hub/accept-share endpoints if they are not required by the production workflow.
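Why trusting the fetch mode defeats the XSRF gate, and how the advisory's reverse-proxy workaround closes it, as an added Python model written for this page rather than JupyterHub's own code; the request shape, the token value and the Sec-Fetch-Site handling are assumptions.

```python
# Added illustrative model (not JupyterHub's own code) of the origin decision
# behind CVE-2026-40864 and of the advisory's reverse-proxy workaround.
from dataclasses import dataclass, field

FORM_ENDPOINTS = {"/hub/spawn", "/hub/accept-share"}  # form endpoints named in the advisory
TOKEN = "example-xsrf-token"                           # constructed session token


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

    def header(self, name):
        # HTTP header names are case-insensitive
        return next((v for k, v in self.headers.items() if k.lower() == name.lower()), None)


def flawed_is_same_origin(req):
    """Models the 4.1.0-5.4.4 behaviour: Sec-Fetch-Mode: no-cors is taken as
    evidence of a same-origin request, so the XSRF token is never checked."""
    if req.header("Sec-Fetch-Mode") == "no-cors":
        return True
    return req.header("Sec-Fetch-Site") == "same-origin"


def fixed_is_same_origin(req):
    """Only Sec-Fetch-Site says who sent the request; the fetch mode does not."""
    return req.header("Sec-Fetch-Site") == "same-origin"


def form_post_allowed(req, is_same_origin, expected_token=TOKEN):
    """XSRF gate for the form endpoints: same-origin requests pass, anything
    else must carry the session's _xsrf form field. The JSON API is gated
    separately and is out of scope here."""
    if req.method != "POST" or req.path not in FORM_ENDPOINTS:
        return True  # not a protected form POST
    if is_same_origin(req):
        return True
    return req.form.get("_xsrf") == expected_token


def proxy_should_drop(req):
    """Advisory workaround for a reverse proxy in front of the hub: refuse
    requests that arrive with Sec-Fetch-Mode: no-cors."""
    return req.header("Sec-Fetch-Mode") == "no-cors"


# Constructed sample requests: a genuine form submission from the hub's own
# page, and a cross-site POST arriving in no-cors mode without a token.
LEGIT = Request("POST", "/hub/spawn",
                {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "navigate"},
                {"_xsrf": TOKEN})
CROSS_NO_CORS = Request("POST", "/hub/accept-share",
                        {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors"})
```

Running the two gates over the samples shows the flawed check accepting the token-less cross-site request while the fixed check and the proxy rule both stop it.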

Generated by OpenCVE AI on May 22, 2026 at 21:20 UTC.

Advisories
Source: GitHub GHSA
ID: GHSA-m68r-v472-jgq9
Title: JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)
History

Fri, 22 May 2026 21:45:00 +0000

Type                  Values Removed   Values Added
First Time appeared   -                Jupyterhub; Jupyterhub jupyterhub
Vendors & Products    -                Jupyterhub; Jupyterhub jupyterhub

Fri, 22 May 2026 20:30:00 +0000

Type          Values Removed   Values Added
Description   -                (the Description shown at the top of this page, added verbatim)
Title         -                JupyterHub: Cross-origin form POSTs bypass XSRF
Weaknesses    -                CWE-352
References    -
Metrics       -                cvssV3_1: score 5.4, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-22T20:13:05.262Z

Reserved: 2026-04-15T15:57:41.717Z

Link: CVE-2026-40864

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-22T21:30:16Z

Weaknesses