PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-44181 jupyter-server CVE debrief

CVE-2026-44181 is a Server Side Template Injection vulnerability in Jupyter Enterprise Gateway versions 2.0.0rc2 through 3.2.x before 3.3.0. The vulnerability allows for the execution of Python code and OS commands via Jinja2 template expressions in environment variables used during Kubernetes manifest rendering. This can lead to the theft of Kubernetes service account tokens, potentially compromising the Kubernetes cluster. The issue was fixed in version 3.3.0. Affected users should update to the latest version and review their Kubernetes configurations.

Vendor
jupyter-server
Product
enterprise_gateway
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of Jupyter Enterprise Gateway versions 2.0.0rc2 through 3.2.x should update to version 3.3.0. Kubernetes administrators and security teams should be aware of the potential for cluster compromise if the service account token is stolen. They should review and restrict access to Kubernetes service account tokens and monitor for suspicious activity in Kubernetes clusters.

Technical summary

The vulnerability exists in the environment variables (KERNEL_XXX) used during Kubernetes manifest rendering in Jupyter Enterprise Gateway. By including Jinja2 template expressions, an attacker can execute Python code and OS commands in the Enterprise Gateway service. This can be used to steal Kubernetes service account tokens, which can then be used to schedule privileged pods or pods with hostPath volume mounts, potentially fully compromising the Kubernetes cluster. Users should ensure they are running version 3.3.0 or later to mitigate this vulnerability.

Defensive priority

High

Recommended defensive actions

  • Update Jupyter Enterprise Gateway to version 3.3.0 or later
  • Review and restrict access to Kubernetes service account tokens
  • Monitor for suspicious activity in Kubernetes clusters
  • Implement compensating controls to limit potential damage from stolen tokens
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-16T23:16:16.453Z and has not been modified since then. The NVD entry is currently being reviewed. Limited source detail is available, and defenders should verify the affected scope and severity with the official CVE record and vendor advisories.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T23:16:16.453Z and has not been modified since then.