CVE-2026-33709 — Open Redirect in Jupyterhub

CWE-601 — Open Redirect7 documents6 sources

Severity

5.1MEDIUMNVD

EPSS

0.1%

top 83.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jupyterhub

Timeline

PublishedApr 3

Description

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this. This issue has been patched in version 5.4.4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5jupyterhub/jupyterhub< 5.4.4

▶PyPIjupyterhub/jupyterhub< 5.4.4

🔴Vulnerability Details

OSV

CVE-2026-33709: JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks↗2026-04-03

▶

CVEList

JupyterHub has an Open Redirect Vulnerability↗2026-04-03

▶

OSV

JupyterHub has an Open Redirect Vulnerability↗2026-04-03

▶

GHSA

JupyterHub has an Open Redirect Vulnerability↗2026-04-03

▶

📋Vendor Advisories

Debian

CVE-2026-33709: jupyterhub - JupyterHub is software that allows one to create a multi-user server for Jupyter...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-33709 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶