GHSA-rch3-82jr-f9w9

Source
https://github.com/advisories/GHSA-rch3-82jr-f9w9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rch3-82jr-f9w9/GHSA-rch3-82jr-f9w9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rch3-82jr-f9w9
Published
2026-04-30T17:25:47Z
Modified
2026-05-11T08:11:06.895404690Z
Severity
  • 8.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Details

Impact

A stored cross-site scripting (XSS) vulnerability in Jupyter Notebook allows an attacker to steal the authentication token of a user who opens a malicious notebook file and clicks a single element in it. The attacker controls how that element is rendered, so it can be made indistinguishable from a legitimate control.

Because the stolen token grants the same access as the victim's session, the attacker can drive the Jupyter REST API as that user, which amounts to a complete takeover of the Jupyter server session. The attacker can:
  1. read all files the server can reach
  2. modify or create files
  3. access running kernels and execute arbitrary code
  4. create terminals for shell access

Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

Workarounds

Until you can upgrade, the affected help extensions can be disabled from the command line:

jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension

Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
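The patch, workaround and hardening steps above boil down to three things a practitioner wants to verify on a deployment: that installed notebook/jupyterlab versions are at or past the fixed releases, that the overrides.json toggle is actually set, and whether any notebook on disk already carries command-linker markup in its markdown cells. The script below is an added example written for this page, not code from the advisory or from the Jupyter project. The version boundaries and the overrides.json key come from the advisory text; the attribute names `data-commandlinker-command` / `data-commandlinker-args` are an assumption taken from JupyterLab's CommandLinker (the page's linked documentation describes the feature but does not name the attributes), and the sample notebook is constructed inline with a placeholder command id.

```python
"""Offline audit helpers for GHSA-rch3-82jr-f9w9 (added example, not the advisory's code)."""
import json
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

# Fixed releases named in the advisory. notebook is only affected from 7.0.0 on;
# every jupyterlab release before 4.5.7 is listed as affected.
FIXED = {"notebook": (7, 5, 6), "jupyterlab": (4, 5, 7)}
NOTEBOOK_INTRODUCED_MAJOR = 7

# Minimal parser for the version shapes in the advisory's affected list
# ("7.1.0a0", "3.0.0rc15", "0.18.0.dev1", "4.5.6"). Pre-releases sort before the final.
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc|\.dev)(\d+))?$")
_PRE_RANK = {".dev": 0, "a": 1, "b": 2, "rc": 3, None: 4}


def parse_version(text):
    """Return a sortable tuple (major, minor, patch, prerelease_rank, prerelease_num)."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch), _PRE_RANK[tag], int(num) if num else 0)


def is_affected(package, ver):
    """True if `ver` of `package` falls inside the advisory's affected range."""
    if package not in FIXED:
        raise KeyError(f"not covered by this advisory: {package}")
    v = parse_version(ver)
    if package == "notebook" and v[0] < NOTEBOOK_INTRODUCED_MAJOR:
        return False  # classic notebook 6.x is outside the advisory's range
    return v < FIXED[package] + (_PRE_RANK[None], 0)


def installed_status():
    """Check what is installed in this interpreter; returns {package: (version, affected)}."""
    status = {}
    for pkg in FIXED:
        try:
            ver = installed_version(pkg)
        except PackageNotFoundError:
            continue
        try:
            status[pkg] = (ver, is_affected(pkg, ver))
        except ValueError:
            status[pkg] = (ver, None)  # version shape this parser does not understand
    return status


# The hardening snippet from the advisory, parsed as overrides.json would be.
HARDENED_OVERRIDES = json.loads("""
{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
""")


def command_linker_disabled(overrides):
    """True only when overrides.json explicitly sets allowCommandLinker to false."""
    section = overrides.get("@jupyterlab/apputils-extension:sanitizer", {})
    return section.get("allowCommandLinker") is False


# Assumed attribute names (JupyterLab CommandLinker); treat as a heuristic, not a parser.
COMMAND_ATTR = re.compile(r"data-commandlinker-(?:command|args)\s*=", re.IGNORECASE)


def find_command_links(notebook_json):
    """Return indices of markdown cells whose raw source carries command-linker attributes."""
    hits = []
    for idx, cell in enumerate(notebook_json.get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        src = cell.get("source", "")
        if isinstance(src, list):  # nbformat stores multi-line sources as a list of strings
            src = "".join(src)
        if COMMAND_ATTR.search(src):
            hits.append(idx)
    return hits


# Constructed sample notebook: cell 1 carries a command link with a placeholder command id.
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "markdown", "source": ["# Analysis\n", "Plain markdown, nothing to flag.\n"]},
        {"cell_type": "markdown", "source": [
            '<a href="#" data-commandlinker-command="example:command">Open documentation</a>\n']},
        {"cell_type": "code", "source": ["print('hello')\n"]},
    ]
}

if __name__ == "__main__":
    for pkg, ver in [("notebook", "7.5.5"), ("notebook", "7.5.6"),
                     ("jupyterlab", "4.5.6"), ("jupyterlab", "4.5.7")]:
        print(f"{pkg} {ver}: {'AFFECTED' if is_affected(pkg, ver) else 'patched'}")
    print("installed:", installed_status())
    print("command linker disabled in overrides:", command_linker_disabled(HARDENED_OVERRIDES))
    print("markdown cells with command-linker markup:", find_command_links(SAMPLE_NOTEBOOK))
```

Note that `command_linker_disabled` deliberately requires the literal `false`: a missing key means the default applies, which on affected versions is the vulnerable behaviour, and the overrides file is only honoured by the patched versions that ship the toggle. The notebook scan flags raw attribute text in markdown sources, so it catches files before they are opened but does not prove a link is malicious.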

Resources

  • https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team

Database specific
{
    "cwe_ids": [
        "CWE-601",
        "CWE-79"
    ],
    "github_reviewed_at": "2026-04-30T17:25:47Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2026-05-06T20:16:31Z"
}

Affected packages

npm / @jupyter-notebook/help-extension

Package

Name
@jupyter-notebook/help-extension
Purl
pkg:npm/%40jupyter-notebook/help-extension

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Fixed
7.5.6

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rch3-82jr-f9w9/GHSA-rch3-82jr-f9w9.json"
last_known_affected_version_range
"<= 7.5.5"

PyPI / notebook

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.5.6

Affected versions

7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.1.0a0
7.1.0a1
7.1.0a2
7.1.0b0
7.1.0rc0
7.1.0rc1
7.1.0
7.1.1
7.1.2
7.1.3
7.2.0a0
7.2.0b0
7.2.0b1
7.2.0rc0
7.2.0rc1
7.2.0
7.2.1
7.2.2
7.2.3
7.3.0a0
7.3.0a1
7.3.0b0
7.3.0b1
7.3.0b2
7.3.0rc0
7.3.0
7.3.1
7.3.2
7.3.3
7.4.0a0
7.4.0a1
7.4.0a2
7.4.0a3
7.4.0b0
7.4.0b1
7.4.0b2
7.4.0b3
7.4.0rc0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.5.0a0
7.5.0a1
7.5.0a2
7.5.0a3
7.5.0b0
7.5.0b1
7.5.0rc0
7.5.0rc1
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rch3-82jr-f9w9/GHSA-rch3-82jr-f9w9.json"
last_known_affected_version_range
"<= 7.5.5"

PyPI / jupyterlab

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.5.7

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.0.10
0.0.13
0.1.1
0.1.2
0.2.0
0.3.0
0.4.0
0.4.1
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.9.1
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.14.0
0.15.0
0.15.1
0.16.0
0.16.2
0.17.0
0.17.1
0.17.2
0.17.4
0.17.5
0.18.0.dev1
0.18.0
0.18.1
0.19.0
0.20.0rc1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.21.0rc1
0.21.0rc2
0.21.0rc3
0.21.0rc4
0.21.0rc5
0.21.0
0.22.0rc0
0.22.0
0.22.1
0.23.0rc0
0.23.0rc1
0.23.0
0.23.1
0.23.2
0.24.0rc0
0.24.0rc1
0.24.0rc2
0.24.0
0.24.1
0.25.0rc0
0.25.0rc1
0.25.0
0.25.1
0.25.2rc0
0.25.2
0.26.0rc0
0.26.0rc1
0.26.0
0.26.1
0.26.2
0.26.3
0.26.4
0.26.5
0.27.0rc0
0.27.0rc1
0.27.0rc2
0.27.0rc3
0.27.0rc4
0.27.0rc5
0.27.0
0.27.1
0.27.2
0.28.0rc0
0.28.0rc1
0.28.0rc2
0.28.0rc3
0.28.0
0.28.1
0.28.2
0.28.3
0.28.4
0.28.5
0.28.6
0.28.7
0.28.8
0.28.10
0.28.11
0.28.12
0.28.13
0.28.14
0.28.15
0.29.0rc0
0.29.0
0.29.1
0.29.2
0.30.0rc0
0.30.0rc1
0.30.0
0.30.1
0.30.2
0.30.3
0.30.4
0.30.5
0.30.6
0.31.0rc0
0.31.0rc1
0.31.0rc2
0.31.0
0.31.1
0.31.2
0.31.3
0.31.4
0.31.5
0.31.6
0.31.7
0.31.8
0.31.9
0.31.10
0.31.11
0.31.12
0.32.0rc0
0.32.0rc1
0.32.0
0.32.1
0.33.0rc0
0.33.0rc1
0.33.0
0.33.1
0.33.2
0.33.3
0.33.4
0.33.5
0.33.6
0.33.7
0.33.8
0.33.9
0.33.10
0.33.11
0.33.12
0.34.0rc0
0.34.0rc1
0.34.0rc2
0.34.0
0.34.1
0.34.2
0.34.3
0.34.4
0.34.5
0.34.6
0.34.7
0.34.8
0.34.9
0.34.10
0.34.11
0.34.12
0.35.0rc0
0.35.0rc1
0.35.0rc2
0.35.0
0.35.1
0.35.2
0.35.3
0.35.4
0.35.5
0.35.6
1.*
1.0.0a0
1.0.0a1
1.0.0a2
1.0.0a3
1.0.0a4
1.0.0a5
1.0.0a6
1.0.0a7
1.0.0a8
1.0.0a9
1.0.0a10
1.0.0rc0
1.0.0rc1
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.9
1.0.10
1.1.0a0
1.1.0a1
1.1.0a2
1.1.0rc0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0a0
1.2.0a1
1.2.0a2
1.2.0a3
1.2.0rc0
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.2.20
1.2.21
2.*
2.0.0a0
2.0.0a1
2.0.0a3
2.0.0a4
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0rc0
2.0.0rc1
2.0.0rc2
2.0.0
2.0.1rc0
2.0.1
2.0.2
2.1.0a0
2.1.0b0
2.1.0rc0
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.2.0a0
2.2.0a1
2.2.0rc1
2.2.0
2.2.1
2.2.2
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.3.0a0
2.3.0a1
2.3.0a2
2.3.0rc0
2.3.0
2.3.1
2.3.2
3.*
3.0.0a0
3.0.0a3
3.0.0a4
3.0.0a5
3.0.0a6
3.0.0a7
3.0.0a8
3.0.0a9
3.0.0a10
3.0.0a11
3.0.0a12
3.0.0a13
3.0.0a14
3.0.0b1
3.0.0b2
3.0.0b3
3.0.0b4
3.0.0b6
3.0.0b7
3.0.0b8
3.0.0rc0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0rc4
3.0.0rc5
3.0.0rc6
3.0.0rc7
3.0.0rc8
3.0.0rc9
3.0.0rc10
3.0.0rc11
3.0.0rc12
3.0.0rc13
3.0.0rc14
3.0.0rc15
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.0.10
3.0.11
3.0.12
3.0.13
3.0.14
3.0.15
3.0.16
3.0.17
3.0.18
3.1.0a0
3.1.0a1
3.1.0a2
3.1.0a3
3.1.0a4
3.1.0a5
3.1.0a6
3.1.0a7
3.1.0a8
3.1.0a9
3.1.0a10
3.1.0a11
3.1.0a12
3.1.0a13
3.1.0b0
3.1.0b1
3.1.0rc1
3.1.0rc2
3.1.0
3.1.1
3.1.2
3.1.4
3.1.6
3.1.7
3.1.8
3.1.9
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.16
3.1.17
3.1.18
3.1.19
3.2.0a0
3.2.0a1
3.2.0b0
3.2.0rc0
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0a1
3.3.0a2
3.3.0a3
3.3.0b0
3.3.0rc0
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0a0
3.4.0b0
3.4.0rc0
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.5.0a0
3.5.0b0
3.5.0rc0
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0a0
3.6.0a1
3.6.0a2
3.6.0a3
3.6.0a4
3.6.0a5
3.6.0b0
3.6.0rc0
3.6.0rc1
3.6.0
3.6.1
3.6.2
3.6.3
3.6.4
3.6.5
3.6.6
3.6.7
3.6.8
4.*
4.0.0a0
4.0.0a1
4.0.0a3
4.0.0a4
4.0.0a6
4.0.0a7
4.0.0a8
4.0.0a9
4.0.0a10
4.0.0a11
4.0.0a12
4.0.0a13
4.0.0a14
4.0.0a15
4.0.0a16
4.0.0a17
4.0.0a18
4.0.0a19
4.0.0a20
4.0.0a21
4.0.0a22
4.0.0a23
4.0.0a24
4.0.0a25
4.0.0a26
4.0.0a27
4.0.0a28
4.0.0a29
4.0.0a30
4.0.0a31
4.0.0a32
4.0.0a33
4.0.0a34
4.0.0a35
4.0.0a36
4.0.0b0
4.0.0b1
4.0.0b2
4.0.0rc0
4.0.0rc1
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.1.0a1
4.1.0a2
4.1.0a3
4.1.0a4
4.1.0b0
4.1.0b1
4.1.0b2
4.1.0rc0
4.1.0rc1
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.2.0a0
4.2.0a1
4.2.0a2
4.2.0b0
4.2.0b1
4.2.0b2
4.2.0b3
4.2.0rc0
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3.0a0
4.3.0a1
4.3.0a2
4.3.0b0
4.3.0b1
4.3.0b2
4.3.0b3
4.3.0rc0
4.3.0rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.4.0a0
4.4.0a1
4.4.0a2
4.4.0a3
4.4.0b0
4.4.0b1
4.4.0b2
4.4.0rc0
4.4.0rc1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.4.10
4.5.0a0
4.5.0a1
4.5.0a2
4.5.0a3
4.5.0a4
4.5.0b0
4.5.0b1
4.5.0rc0
4.5.0rc1
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rch3-82jr-f9w9/GHSA-rch3-82jr-f9w9.json"
last_known_affected_version_range
"<= 4.5.6"

npm / @jupyterlab/help-extension

Package

Name
@jupyterlab/help-extension
Purl
pkg:npm/%40jupyterlab/help-extension

Affected ranges

Type
SEMVER
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
4.5.7

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rch3-82jr-f9w9/GHSA-rch3-82jr-f9w9.json"
last_known_affected_version_range
"<= 4.5.6"