Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

AI Analysis

Stored XSS vulnerability in Jupyter Server via missing sandbox CSP, allowing kernel RCE and cookie access

Basic Information

ID CVE-2026-44727

Source GitHub_M

Published Jun 22, 2026 at 19:56

Affected Product

Vendor jupyter-server

Product jupyter_server

Version < 2.20

Affected Versions jupyter-server jupyter_server < 2.20

CWE Classification

CWE-79 CWE-1021

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Project Jupyter

Product Jupyter Server

Version < 2.20

References

{
    "lastseen": "",
    "description": "Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.",
    "published": "2026-06-22T19:56:56.776Z",
    "modified": "2026-06-22T19:56:56.776Z",
    "type": "cve",
    "title": "Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP",
    "source": "GitHub_M",
    "references": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp\nhttps://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd",
    "id": "CVE-2026-44727",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-1021"
    ],
    "cvelist": null,
    "sourceData": "jupyter-server jupyter_server < 2.20",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "jupyter_server",
    "version": "< 2.20",
    "vendor": "jupyter-server",
    "ai_description": "Stored XSS vulnerability in Jupyter Server via missing sandbox CSP, allowing kernel RCE and cookie access",
    "ai_severity": "Critical",
    "ai_vendor": "Project Jupyter",
    "ai_product": "Jupyter Server",
    "ai_version": "< 2.20",
    "ai_score": 9.3
}

Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP_CVE-2026-44727