PYSEC-2026-2682

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2026-2682.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2682
Aliases
Published
2026-07-13T15:02:55.678760Z
Modified
2026-07-13T16:42:47.886298772Z
Severity
  • 8.4 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
Details

Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).

The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to: 1. Read all files 2. Modify/create files 3. Access running kernels and execute arbitrary code 4. Create terminals for shell access

Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

Workarounds

The help extension can be disabled via CLI:

jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension

Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via overrides.json:

{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}

Resources

  • https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team

References

Affected packages

PyPI / notebook

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.5.6

Affected versions

7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
7.1.0a0
7.1.0a1
7.1.0a2
7.1.0b0
7.1.0rc0
7.1.0rc1
7.1.0
7.1.1
7.1.2
7.1.3
7.2.0a0
7.2.0b0
7.2.0b1
7.2.0rc0
7.2.0rc1
7.2.0
7.2.1
7.2.2
7.2.3
7.3.0a0
7.3.0a1
7.3.0b0
7.3.0b1
7.3.0b2
7.3.0rc0
7.3.0
7.3.1
7.3.2
7.3.3
7.4.0a0
7.4.0a1
7.4.0a2
7.4.0a3
7.4.0b0
7.4.0b1
7.4.0b2
7.4.0b3
7.4.0rc0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
7.4.7
7.5.0a0
7.5.0a1
7.5.0a2
7.5.0a3
7.5.0b0
7.5.0b1
7.5.0rc0
7.5.0rc1
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.5.5

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/notebook/PYSEC-2026-2682.yaml"