Description
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
Published: 2026-05-13
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the Extension Manager’s enforcement of the allowed_extensions_uris allow‑list. Between JupyterLab versions 4.0.0 and 4.5.6, the allow‑list was not effectively applied, allowing an attacker to send a POST request to install an extension from any PyPI package, not just those on the default index. This bypass enables installation of malicious extensions, which can execute code within the JupyterLab server or the user’s browser, achieving remote code execution. The weakness is described by CWE‑602 and CWE‑88.

Affected Systems

All JupyterLab installations from version 4.0.0 through 4.5.6 are vulnerable. The issue is fixed starting with version 4.5.7.

Risk and Exploitability

The CVSS score of 8.8 classifies this as a high‑severity vulnerability. The EPSS score is 0.0007 (<1%), indicating a very low probability of exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated or authenticated POST request to the Extension Manager API, which requires network access to the JupyterLab server. Successful exploitation would allow the adversary to deliver malicious code via an installed extension.

Generated by OpenCVE AI on May 21, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade JupyterLab to version 4.5.7 or later, which enforces the extension allow‑list correctly.
  • If an immediate upgrade is not possible, temporarily block or restrict access to the Extension Manager POST endpoint using a firewall or reverse‑proxy rule to prevent unauthorized extension installations.
  • Configure the allowed_extensions_uris setting to whitelist only trusted PyPI indexes and enforce that only those URIs can be used for extension installation.

Generated by OpenCVE AI on May 21, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-37w4-hwhx-4rc4 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
History

Tue, 26 May 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:*:*:*

Thu, 21 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7. JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
Title jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request. JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
References

Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter jupyterlab
Vendors & Products Jupyter
Jupyter jupyterlab

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
Title jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
Weaknesses CWE-602
CWE-88
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Jupyter Jupyterlab
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-21T00:41:24.140Z

Reserved: 2026-04-26T11:53:27.706Z

Link: CVE-2026-42266

cve-icon Vulnrichment

Updated: 2026-05-13T15:28:48.878Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-13T16:16:47.017

Modified: 2026-05-26T18:33:19.667

Link: CVE-2026-42266

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T03:00:10Z

Weaknesses