Description
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.
Published: 2026-06-03
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a CORS origin‑validation bypass that occurs when jupyter‑server uses the allow_origin_pat configuration. The underlying weakness involves CWE‑346: trusted content perceived equivocation, because re.match() only anchors at the start of the string, permitting attacker‑controlled domains such as trusted.example.com.evil.com to pass the check intended for trusted.example.com. Additionally, the vulnerability includes CWE‑625: improper input validation, as the server fails to validate the entire input with a full match, allowing malicious Origin headers to be accepted. This allows malicious sites to craft Origin headers that the server accepts, enabling phishing, unauthorized API access, and potentially triggering arbitrary code execution through cross‑site request forgery or other downstream logic.

Affected Systems

All Ubuntu, Windows, macOS or other platforms that run jupyter‑server versions 1.12.0 through 2.17.0 are affected. The vulnerability concerns the Jupyter team’s jupyter‑server package; no specific operating system restrictions apply beyond normal deployment environments.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity, and the EPSS score of 0.00022 points to the exploitation probability being very low but nonzero. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote HTTP or WebSocket requests that set a malicious Origin header; any external domain can exploit the bug by sending crafted requests that satisfy the allow_origin_pat regex. If unmitigated, attackers could conduct phishing campaigns, retrieve sensitive API data, or exploit downstream execution paths that depend on trusted origins.

Generated by OpenCVE AI on June 5, 2026 at 13:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade jupyter‑server to the latest release where the allow_origin_pat regex matching is corrected to anchor both ends of the pattern.
  • If an upgrade cannot be performed immediately, remove or disable the allow_origin_pat configuration or tighten the regular expression so that it does not permit subdomain suffixes such as .evil.com.
  • Deploy a network‑level proxy rule that strips or rewrites suspicious Origin headers before they reach jupyter‑server, ensuring that only validated origins are forwarded.

Generated by OpenCVE AI on June 5, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-625
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

threat_severity

Moderate

Fri, 05 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Jupyter
Jupyter jupyter Server
Vendors & Products Jupyter
Jupyter jupyter Server

Wed, 03 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.
Title CORS Origin Validation Bypass in jupyter-server
Weaknesses CWE-346
References
Metrics cvssV3_0

{'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Jupyter Jupyter Server
cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-06-03T17:25:20.310Z

Reserved: 2026-04-20T08:13:54.544Z

Link: CVE-2026-6657

cve-icon Vulnrichment

Updated: 2026-06-03T17:24:00.205Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-03T16:16:31.710

Modified: 2026-06-04T15:25:53.963

Link: CVE-2026-6657

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-03T15:06:56Z

Links: CVE-2026-6657 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T14:00:17Z

Weaknesses
  • CWE-346

    Origin Validation Error

  • CWE-625

    Permissive Regular Expression