Description
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user. This vulnerability is fixed in 4.5.7.
Published: 2026-05-13
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Untrusted HTML content can be embedded within a JupyterLab notebook cell. The notebook’s output rendering system includes a data-commandlinker attribute that, when clicked, causes JupyterLab’s command execution engine to invoke the specified command without verifying that the element originated from trusted UI components. Because the command linker can trigger any JupyterLab command—including those that execute arbitrary code—the attacker’s deceptive button can cause a single click to run code on the user’s machine. This flaw is a type of cross-site scripting that enables injection of privileged commands.

Affected Systems

The vulnerability applies to all releases of JupyterLab and Jupyter Notebook prior to version 4.5.7. Specifically, both the jupyter:notebook and jupyterlab:jupyterlab products are affected when the sanitization rules still allow data-commandlinker-command and data-commandlinker-args attributes on button elements.

Risk and Exploitability

The vulnerability has a CVSS score of 8.6, indicating a high severity. EPSS data is not available, and it is not listed in the CISA KEV catalog. The likely attack vector is a user opening a notebook containing maliciously crafted output; a single click on the deceptive button is sufficient to trigger the exploit. The impact is total loss of confidentiality, integrity, and availability for the authenticated user session. Given the lack of mitigation from the user side, the risk of exploitation in environments that accept untrusted notebooks is significant.

Generated by OpenCVE AI on May 13, 2026 at 17:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to JupyterLab 4.5.7 or later for all affected installations
  • For environments that cannot upgrade immediately, disable or remove data-commandlinker attributes from the HTML sanitizer configuration to prevent execution of commands from untrusted content
  • Audit and purge notebooks that may contain malicious HTML cells before sharing or executing them

Generated by OpenCVE AI on May 13, 2026 at 17:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-mqcg-5x36-vfcg JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
History

Thu, 14 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 14 May 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter jupyterlab
Jupyter notebook
Vendors & Products Jupyter
Jupyter jupyterlab
Jupyter notebook

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user. This vulnerability is fixed in 4.5.7.
Title jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Jupyter Jupyterlab Notebook
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-14T17:59:11.711Z

Reserved: 2026-04-28T16:56:50.192Z

Link: CVE-2026-42557

cve-icon Vulnrichment

Updated: 2026-05-14T17:57:41.176Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-13T16:16:48.167

Modified: 2026-05-13T16:32:31.457

Link: CVE-2026-42557

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T14:30:15Z

Weaknesses