CVE-2026-44727
Published 2026-06-22
Priority P4 30 · medium · 5.4 CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.23% (13.3th percentile)
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jupyter-server | >= 0 < 2.20.0 | 2.20.0 |
| jupyter-server | jupyter_server | < 2.20 | 2.20 |
| jupyter | jupyter_server | < 2.20.0 | 2.20.0 |
| mta | mta-solution-server-rhel9 | — | — |
| rhoai | odh-th06-cpu-torch210-py312-rhel9 | — | — |
| rhoai | odh-th06-cpu-torch291-py312-rhel9 | — | — |
| rhoai | odh-th06-cuda130-torch210-py312-rhel9 | — | — |
| rhoai | odh-th06-cuda130-torch291-py312-rhel9 | — | — |
| rhoai | odh-th06-rocm64-torch291-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-datascience-cpu-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-minimal-cpu-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-minimal-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-minimal-rocm-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-pytorch-rocm-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-tensorflow-cuda-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-tensorflow-rocm-py312-rhel9 | — | — |
| rhoai | odh-workbench-jupyter-trustyai-cpu-py312-rhel9 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 5.4 | MEDIUM | — |
GHSA
ghsa · 2026-06-18 · CRITICAL · CWE-1021
CVE-2026-44727: Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their `Content-Security-Policy`.
Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE.
### Impact
An authenticated victim who navigates to `/nbconvert/html/` containing attacker-authored output can have their token exfiltrated to another domain because it is executed in the Jupyter origin.
### Patches
Fixed in v2.20.0, commit [6cbee8d](https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd).
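Two defender-side checks for the mechanism the advisory describes, written here as an added example (not jupyter_server or nbconvert code): one parses a `Content-Security-Policy` header and reports whether it carries a `sandbox` directive at all, the other lists the display_data outputs of a notebook that carry a raw text/html bundle, so an operator can audit served headers and stored notebooks without trusting either. The header values and the notebook are constructed; the exact sandbox flags the 2.20 fix emits are not stated on this page and are not assumed here.

```python
"""Audit helpers for CVE-2026-44727 (added example, not jupyter_server code).

  1. csp_has_sandbox(): does a Content-Security-Policy header carry a
     `sandbox` directive, which the pre-2.20 nbconvert handlers lacked?
  2. html_display_outputs(): which cells of a notebook carry raw text/html
     in a display_data output, the vector the advisory describes?
"""
import json


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive-name: [values]}.

    Directives are ';'-separated; names are case-insensitive per the spec,
    so they are lower-cased. Empty segments (trailing ';') are skipped.
    """
    directives: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_has_sandbox(header: str) -> bool:
    """True if a `sandbox` directive is present, with or without flags."""
    return "sandbox" in parse_csp(header)


def html_display_outputs(nb: dict) -> list[tuple[int, int]]:
    """Return (cell_index, output_index) for display_data outputs with text/html."""
    hits: list[tuple[int, int]] = []
    for ci, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue  # markdown/raw cells have no outputs
        for oi, out in enumerate(cell.get("outputs", [])):
            if out.get("output_type") == "display_data" and "text/html" in out.get("data", {}):
                hits.append((ci, oi))
    return hits


# Constructed sample notebook: one text/plain output, one raw HTML output.
SAMPLE_NB = json.loads("""{"cells": [
  {"cell_type": "markdown", "source": "# constructed"},
  {"cell_type": "code", "source": "x = 1", "outputs": [
     {"output_type": "display_data", "data": {"text/plain": "1"}},
     {"output_type": "display_data", "data": {"text/html": "<b>constructed</b>"}}]}]}""")

# Constructed headers: one without any sandbox directive, one with it.
CSP_UNSANDBOXED = "frame-ancestors 'self'; report-uri /api/security/csp-report"
CSP_SANDBOXED = CSP_UNSANDBOXED + "; sandbox"

if __name__ == "__main__":
    print("sandboxed?", csp_has_sandbox(CSP_UNSANDBOXED), csp_has_sandbox(CSP_SANDBOXED))
    print("html display_data outputs:", html_display_outputs(SAMPLE_NB))
```

To audit a live deployment, feed the `Content-Security-Policy` value returned by a `/nbconvert/html/` response to `csp_has_sandbox` and each stored `.ipynb` (loaded with `json.load`) to `html_display_outputs`.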
Red Hat
vendor_redhat · 2026-06-22 · CVSS 5.4 MEDIUM · CWE-79
CVE-2026-44727: jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers
A flaw was found in Jupyter Server. The nbconvert HTTP handlers in Jupyter Server render user-authored notebook HTML without a sandbox directive in their Content-Security-Policy. This, combined with
No detection rules found.
No public exploits indexed.
Bugzilla
Red Hat community trackers (bugzilla · 2026-06-23 · CVSS 9.3 CRITICAL), all titled "CVE-2026-44727 <package>: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers":
- python-jupyter-server-terminals [fedora-44]
- python-jupyter-server [fedora-43]
- python-jupyter-server-terminals [epel-all]
- python-jupyter-server [fedora-44]
- python-jupyter-server [epel-all]
- python-jupyter-server [fedora-all]
- python-jupyter-server-terminals [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
bugzilla · 2026-06-22 · CVSS 5.4 MEDIUM
CVE-2026-44727 jupyter-server: Jupyter Server: Remote Code Execution via stored Cross-Site Scripting in nbconvert handlers
References:
- https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-fcw5-x6j4-ccmp
- https://access.redhat.com/security/cve/CVE-2026-44727
- https://bugzilla.redhat.com/show_bug.cgi?id=2491516
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44727.json