CVE-2026-6657 - Vulnerability Details

- CORS Origin Validation Bypass in jupyter-server

Description

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

Published: 2026-06-03

Score: 6.1 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is a CORS origin‑validation bypass that occurs when jupyter‑server uses the allow_origin_pat configuration. The underlying weakness is CWE‑346: trusted content perceived equivocation, because re.match() only anchors at the start of the string, permitting attacker‑controlled domains such as trusted.example.com.evil.com to pass the check intended for trusted.example.com. This allows malicious sites to craft Origin headers that the server accepts, enabling phishing, unauthorized API access, and potentially triggering arbitrary code execution through cross‑site request forgery or other downstream logic.

Affected Systems

All Ubuntu, Windows, macOS or other platforms that run jupyter‑server versions 1.12.0 through 2.17.0 are affected. The vulnerability concerns the Jupyter team’s jupyter‑server package; no specific operating system restrictions apply beyond normal deployment environments.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity, but the lack of available EPSS data means the exploitation probability is unknown. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote HTTP or WebSocket requests that set a malicious Origin header; any external domain can exploit the bug by sending crafted requests that satisfy the allow_origin_pat regex. If unmitigated, attackers could conduct phishing campaigns, retrieve sensitive API data, or exploit downstream execution paths that depend on trusted origins.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

jupyter

jupyter/jupyter

affected

Version	Status	Constraints
`unspecified`	affected	≤ latest

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade jupyter-server to the latest release where the allow_origin_pat regex matching is corrected to anchor both ends of the pattern.
If an upgrade cannot be performed immediately, remove or disable the allow_origin_pat configuration or tighten the regular expression so that it does not permit subdomain suffixes such as .evil.com.
Deploy a network‑level proxy rule that strips or rewrites suspicious Origin headers before they reach jupyter-server, ensuring that only validated origins are forwarded.

Generated by OpenCVE AI on June 3, 2026 at 18:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://huntr.com/bounties/18f642db-3569-43b3-b58d-ff97be4b09d7

History

Wed, 03 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.
Title		CORS Origin Validation Bypass in jupyter-server
Weaknesses		CWE-346
References		https://huntr.com/bounties/18f642db-3569-43b3-b58d-ff97be4b09d7
Metrics		cvssV3_0 `{'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2026-06-03T15:06:56.598Z

Updated: 2026-06-03T17:25:20.310Z

Reserved: 2026-04-20T08:13:54.544Z

Link: CVE-2026-6657

Vulnrichment

Updated: 2026-06-03T17:24:00.205Z

NVD

Status : Received

Published: 2026-06-03T16:16:31.710

Modified: 2026-06-03T18:16:30.027

Link: CVE-2026-6657

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T18:30:36Z

Weaknesses

CWE-346

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object