CVE-2026-40171
EPSS: 0.05%

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Description
### Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (a single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:

1. Read all files
2. Modify/create files
3. Access running kernels and execute arbitrary code
4. Create terminals for shell access

### Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

### Workarounds

The help extension can be disabled via the CLI:

```
jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension
```

### Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via `overrides.json`:

```json
{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
```

### Resources

- https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

### Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team
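The attack vector above is a notebook file whose Markdown (or rendered HTML/Markdown output) carries a command-linker anchor dressed up as an ordinary control. Before opening untrusted notebooks on an unpatched instance, or while triaging a suspected one, it is useful to enumerate such anchors offline. The following scanner is an added example, not code from the advisory or from the Jupyter project. It assumes the markup described in the linked JupyterLab documentation, namely anchor elements carrying `data-commandlinker-command` and, optionally, `data-commandlinker-args` attributes; the sample notebook and the command names `example:run` / `example:other` in it are constructed for the demonstration and are not the commands involved in this CVE.

```python
"""Triage scan of .ipynb files for command-linker anchors.

Added example; not Jupyter project code. Assumes the markup documented for
JupyterLab "commands in Markdown": <a ... data-commandlinker-command="..."
data-commandlinker-args='...'>. Presence of such an anchor is a triage signal
(the notebook can trigger frontend commands on click), not proof of an exploit.
"""
import json
import re
from html import unescape
from typing import List

# Match each anchor start tag, then pull the command-linker attributes out of it.
# Attribute names follow the JupyterLab docs (assumption: the advisory itself
# does not reproduce the markup).
_TAG_RE = re.compile(r"<a\b[^>]*>", re.IGNORECASE | re.DOTALL)
_ATTR_RE = re.compile(
    r"data-commandlinker-(command|args)\s*=\s*(?:\"([^\"]*)\"|'([^']*)')",
    re.IGNORECASE,
)


def _renderable_texts(cell: dict) -> List[str]:
    """Every string in a cell the frontend would render as Markdown/HTML."""
    src = cell.get("source", "")
    texts = ["".join(src) if isinstance(src, list) else src]
    for out in cell.get("outputs", []):
        data = out.get("data", {})
        for mime in ("text/markdown", "text/html"):
            if mime in data:
                v = data[mime]
                texts.append("".join(v) if isinstance(v, list) else v)
    return texts


def find_command_links(nb: dict) -> List[dict]:
    """Return one record per anchor carrying data-commandlinker-command.

    Each record: {"cell": <index>, "command": <str>, "args": <raw attr str>}.
    """
    hits = []
    for idx, cell in enumerate(nb.get("cells", [])):
        for text in _renderable_texts(cell):
            for tag in _TAG_RE.finditer(text):
                attrs = {}
                for m in _ATTR_RE.finditer(tag.group(0)):
                    value = m.group(2) if m.group(2) is not None else m.group(3)
                    attrs[m.group(1).lower()] = unescape(value)
                if "command" in attrs:
                    hits.append({"cell": idx,
                                 "command": attrs["command"],
                                 "args": attrs.get("args", "")})
    return hits


def scan_notebook_file(path: str) -> List[dict]:
    """Load a .ipynb from disk and scan it."""
    with open(path, encoding="utf-8") as fh:
        return find_command_links(json.load(fh))


# Constructed sample notebook: a benign Markdown cell, a Markdown cell with a
# command-linker anchor disguised as a normal link, and a code cell whose
# text/html output also carries one.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Results\n", "See [docs](https://example.com)."]},
        {"cell_type": "markdown", "metadata": {},
         "source": ['Click <a href="#" data-commandlinker-command="example:run" '
                    'data-commandlinker-args=\'{"x": 1}\'>here</a> to continue.']},
        {"cell_type": "code", "metadata": {}, "execution_count": 1,
         "source": "print(1)",
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html":
                               ['<a data-commandlinker-command="example:other">x</a>']}}]},
    ],
}

if __name__ == "__main__":
    for h in find_command_links(SAMPLE_NOTEBOOK):
        print(f"cell {h['cell']}: command={h['command']!r} args={h['args']!r}")
```

Run it against a real file with `scan_notebook_file("suspect.ipynb")`. The scan is a regex over raw cell text, so it errs on the side of reporting; on a patched instance the sanitizer setting `allowCommandLinker: false` is what actually blocks these anchors from becoming live controls.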
Affected packages (9)
- Bitnami/jupyter-base-notebook: >= 7.0.0, < 7.5.6
- Bitnami/jupyterlab: from 0, < 4.5.7
- Bitnami/jupyter-notebook: >= 7.0.0, < 7.5.6
- Debian/jupyterlab: from 0
- Debian/jupyter-notebook: from 0
- npm/@jupyterlab/help-extension: from 0, < 4.5.7
- npm/@jupyter-notebook/help-extension: >= 7.0.0, < 7.5.6
- PyPI/jupyterlab: from 0, < 4.5.7
- PyPI/notebook: >= 7.0.0, < 7.5.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2026-40171
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2026-40171
- PATCH: https://github.com/jupyter/notebook
- WEB: https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9
- WEB: https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files