GHSA-c336-7962-wfj2

Source

https://github.com/advisories/GHSA-c336-7962-wfj2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-c336-7962-wfj2/GHSA-c336-7962-wfj2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c336-7962-wfj2

Aliases

CVE-2026-23528

Published

2026-01-16T16:58:16Z

Modified

2026-01-16T19:25:12.299767Z

Severity

5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Details

Impact

When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.

It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.

In order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the jupyter-server-proxy) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.

Patches

This has been fixed in the 2026.1.1 release. All users should upgrade to this version.

Mitigations

There are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.

It is possible to avoid code execution via Jupyter by uninstalling the jupyter-server-proxy and accessing the Dask dashboard directly at it's URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user's browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.

Another potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn't resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.

Database specific

{
    "nvd_published_at": "2026-01-16T17:15:54Z",
    "cwe_ids": [
        "CWE-250",
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-16T16:58:16Z",
    "severity": "MODERATE"
}

References

Affected packages

PyPI / distributed

Package

Name: distributed; View open source insights on deps.dev
Purl: pkg:pypi/distributed

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.1.1

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3.0

1.3.1

1.3.2

1.3.3

1.4.0

1.5.0

1.6.0

1.6.1

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.8.0

1.8.1

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

1.12.1

1.12.2

1.13.0

1.13.1

1.13.2

1.13.3

1.14.0

1.14.1

1.14.3

1.15.0rc1

1.15.0

1.15.1

1.15.2

1.16.0

1.16.1

1.16.2

1.16.3

1.17.0

1.17.1

1.18.0

1.18.1

1.18.2

1.18.3

1.19.0

1.19.1

1.19.2

1.19.3

1.20.0

1.20.1

1.20.2

1.21.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.5

1.21.6

1.21.7

1.21.8

1.22.0

1.22.1

1.23.0

1.23.1

1.23.2

1.23.3

1.24.0

1.24.1

1.24.2

1.25.0

1.25.1

1.25.2

1.25.3

1.26.0

1.26.1

1.27.0

1.27.1

1.28.0

1.28.1

2.*

2.0.1

2.1.0

2.2.0

2.3.0

2.3.1

2.3.2

2.4.0

2.5.0

2.5.1

2.5.2

2.6.0

2.7.0

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

2.9.3

2.10.0

2.11.0

2.12.0

2.13.0

2.14.0

2.15.0

2.15.1

2.15.2

2.16.0

2.17.0

2.18.0

2.19.0

2.20.0

2.21.0

2.22.0

2.23.0

2.24.0

2.25.0

2.26.0

2.27.0

2.28.0

2.29.0

2.30.0

2.30.1

2020.*

2020.12.0

2021.*

2021.1.0

2021.1.1

2021.2.0

2021.3.0

2021.3.1

2021.4.0

2021.4.1

2021.5.0

2021.5.1

2021.6.0

2021.6.1

2021.6.2

2021.7.0

2021.7.1

2021.7.2

2021.8.0

2021.8.1

2021.9.0

2021.9.1

2021.10.0

2021.11.0

2021.11.1

2021.11.2

2021.12.0

2022.*

2022.1.0

2022.1.1

2022.2.0

2022.2.1

2022.3.0

2022.4.0

2022.4.1

2022.4.2

2022.5.0

2022.5.1

2022.5.2

2022.6.0

2022.6.1

2022.7.0

2022.7.1

2022.8.0

2022.8.1

2022.9.0

2022.9.1

2022.9.2

2022.10.0

2022.10.1

2022.10.2

2022.11.0

2022.11.1

2022.12.0

2022.12.1

2023.*

2023.1.0

2023.1.1

2023.2.0

2023.2.1

2023.3.0

2023.3.1

2023.3.2

2023.3.2.1

2023.4.0

2023.4.1

2023.5.0

2023.5.1

2023.6.0

2023.6.1

2023.7.0

2023.7.1

2023.8.0

2023.8.1

2023.9.0

2023.9.1

2023.9.2

2023.9.3

2023.10.0

2023.10.1

2023.11.0

2023.12.0

2023.12.1

2024.*

2024.1.0

2024.1.1

2024.2.0

2024.2.1

2024.3.0

2024.3.1

2024.4.0

2024.4.1

2024.4.2

2024.5.0

2024.5.1

2024.5.2

2024.6.0

2024.6.1

2024.6.2

2024.7.0

2024.7.1

2024.8.0

2024.8.1

2024.8.2

2024.9.0

2024.9.1

2024.10.0

2024.11.0

2024.11.1

2024.11.2

2024.12.0

2024.12.1

2025.*

2025.1.0

2025.2.0

2025.3.0

2025.4.0

2025.4.1

2025.5.0

2025.5.1

2025.7.0

2025.9.0

2025.9.1

2025.10.0

2025.11.0

2025.12.0

2026.*

2026.1.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-c336-7962-wfj2/GHSA-c336-7962-wfj2.json"