UBUNTU-CVE-2026-6658

Source
https://ubuntu.com/security/CVE-2026-6658
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-6658
Upstream
  • CVE-2026-6658
Published
2026-06-26T10:16:00Z
Modified
2026-06-29T23:19:16.925317999Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized text/vnd.mermaid output in HTML exports. The data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the <pre> tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.

References

Affected packages

Ubuntu:18.04:LTS
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*
4.2.0-4
5.*
5.3.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "5.3.1-1"
        },
        {
            "binary_name": "python-nbconvert",
            "binary_version": "5.3.1-1"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "5.3.1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"
Ubuntu:20.04:LTS
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.4-2ubuntu2
5.6.0-1
5.6.0-2
5.6.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "5.6.1-1"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "5.6.1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"
Ubuntu:22.04:LTS
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*
5.6.1-3
6.*
6.1.0-1
6.3.0-1
6.4.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "6.4.0-1"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "6.4.0-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"
Ubuntu:24.04:LTS
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*
6.5.3-4
6.5.3-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "6.5.3-5"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "6.5.3-5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"
Ubuntu:25.10
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.16.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "7.16.6-1"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "7.16.6-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"
Ubuntu:26.04:LTS
nbconvert

Package

Name
nbconvert
Purl
pkg:deb/ubuntu/nbconvert?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*
7.16.6-1
7.17.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "jupyter-nbconvert",
            "binary_version": "7.17.0-1"
        },
        {
            "binary_name": "python3-nbconvert",
            "binary_version": "7.17.0-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6658.json"