PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-40864 jupyterhub CVE debrief

A cross-site request forgery (XSRF) bypass vulnerability exists in JupyterHub versions 4.1.0 through 5.4.4. The XSRF protection mechanism introduced in version 4.1.0 incorrectly classifies requests bearing the `Sec-Fetch-Mode: no-cors` header as same-origin, allowing XSRF checks to be bypassed. The JSON API is not affected; only HTTP form endpoints are impacted, specifically `/hub/spawn` and `/hub/accept-share`. An attacker can exploit this to trigger server spawning (without gaining access to the spawned server) or, if the attacker is an authorized JupyterHub user with sharing permissions, cause a victim to accept a share and gain access to the attacker's server. The vulnerability is rated CVSS 5.4 (Medium). A fix is available in version 5.4.5.

Vendor: jupyterhub
Product: Unknown
CVSS: MEDIUM 5.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-22
Original CVE updated: 2026-05-26
Advisory published: 2026-05-22
Advisory updated: 2026-05-26

Who should care

Organizations running JupyterHub multi-user notebook servers, particularly those with external user access or public-facing deployments. Security teams responsible for web application security and XSRF/CSRF protections. DevOps engineers managing JupyterHub infrastructure and reverse proxy configurations.

Technical summary

The vulnerability stems from improper origin validation in JupyterHub's XSRF protection logic. The `Sec-Fetch-Mode` header, part of the Fetch Metadata Request Headers specification, indicates the mode of a request. The value `no-cors` is used for cross-origin requests that do not trigger CORS preflight. JupyterHub's XSRF middleware incorrectly interprets `Sec-Fetch-Mode: no-cors` as indicative of a same-origin request, causing it to skip XSRF token validation. This allows forged requests to form-based endpoints. The JSON API endpoints are unaffected as they employ different authentication mechanisms. The attack scenarios are limited: server spawning requires no additional privileges but yields no server access to the attacker; the share acceptance attack requires the attacker to be a legitimate user with sharing permissions, resulting in the victim accessing the attacker's server rather than the attacker accessing the victim's resources.
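The classification error above is easiest to see in code. The following is an added illustration, not JupyterHub's implementation: a reduced, hypothetical classifier that waives the XSRF token whenever it sees `Sec-Fetch-Mode: no-cors`, beside a hardened classifier that keys off `Sec-Fetch-Site`, the Fetch Metadata header that actually carries the origin relationship. The function names, the `_xsrf` form field name, the session token and the sample header sets are assumptions constructed for this example.

```python
import hmac
from typing import Callable, Mapping, Optional

Headers = Mapping[str, str]


def get_header(headers: Headers, name: str) -> Optional[str]:
    """Case-insensitive header lookup; values are normalised to lower case."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip().lower()
    return None


def flawed_needs_xsrf_token(headers: Headers) -> bool:
    """Reduced form of the error the debrief describes (hypothetical, not
    JupyterHub's code). Sec-Fetch-Mode only records *how* the browser fetched
    (navigate, cors, no-cors, ...), never *from where*, so treating `no-cors`
    as "same-origin" waives the token for a cross-site request."""
    return get_header(headers, "Sec-Fetch-Mode") != "no-cors"


def hardened_needs_xsrf_token(headers: Headers) -> bool:
    """The origin relationship lives in Sec-Fetch-Site. Only `same-origin`
    waives the token; `cross-site`, `same-site`, `none` and a missing header
    (older browsers, non-browser clients) all keep it mandatory."""
    return get_header(headers, "Sec-Fetch-Site") != "same-origin"


def accept_form_post(
    headers: Headers,
    form: Mapping[str, str],
    session_token: str,
    needs_token: Callable[[Headers], bool],
) -> bool:
    """Decide whether a form POST to an endpoint like /hub/spawn is processed:
    either the classifier waives the token, or the `_xsrf` form field must
    match the token bound to the session (constant-time comparison)."""
    if not needs_token(headers):
        return True
    submitted = form.get("_xsrf")
    return submitted is not None and hmac.compare_digest(submitted, session_token)


# Constructed sample requests, not captured traffic.
SESSION_TOKEN = "example-session-token-0123"
CROSS_SITE_NO_CORS: Headers = {
    "Sec-Fetch-Mode": "no-cors", "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "empty",
}
SAME_ORIGIN_FORM: Headers = {
    "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Site": "same-origin", "Sec-Fetch-Dest": "document",
}
NO_FETCH_METADATA: Headers = {"User-Agent": "legacy-client/1.0"}


def compare_classifiers() -> dict:
    """Run the same requests through both classifiers. Keys are scenario
    names, values are (flawed_accepts, hardened_accepts)."""
    cases = {
        "cross-site no-cors, no token": (CROSS_SITE_NO_CORS, {}),
        "same-origin form, no token": (SAME_ORIGIN_FORM, {}),
        "same-origin form, valid token": (SAME_ORIGIN_FORM, {"_xsrf": SESSION_TOKEN}),
        "no fetch metadata, no token": (NO_FETCH_METADATA, {}),
    }
    return {
        name: (
            accept_form_post(h, f, SESSION_TOKEN, flawed_needs_xsrf_token),
            accept_form_post(h, f, SESSION_TOKEN, hardened_needs_xsrf_token),
        )
        for name, (h, f) in cases.items()
    }


if __name__ == "__main__":
    for name, (flawed, hardened) in compare_classifiers().items():
        print(f"{name:32} flawed={flawed!s:5} hardened={hardened}")
```

The first scenario is the bypass: a cross-site request with no token is accepted by the flawed classifier and rejected by the hardened one. The last scenario shows the conservative default that matters for non-browser clients: with no Fetch Metadata at all, the token stays mandatory in both versions.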

Defensive priority

medium

Recommended defensive actions

  • Upgrade JupyterHub to version 5.4.5 or later to remediate this vulnerability.
  • If immediate upgrade is not feasible, configure the reverse proxy to drop or block incoming requests to JupyterHub that contain the `Sec-Fetch-Mode: no-cors` header.
  • Review access logs for suspicious requests to `/hub/spawn` or `/hub/accept-share` endpoints containing `Sec-Fetch-Mode: no-cors` that may indicate attempted exploitation.
  • Audit user sharing permissions and review recent share acceptances for unauthorized access patterns.
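The log review action above, as an added triage helper (not a JupyterHub or PatchSiren tool). It assumes the reverse proxy writes one JSON object per request and has been configured to record the `Sec-Fetch-Mode` and `Sec-Fetch-Site` values, which a default access log does not; the field names and every log line below are constructed for this example, and the share code is a placeholder. It flags only POSTs to the two form endpoints, because same-origin loads of stylesheets, images and scripts carry `Sec-Fetch-Mode: no-cors` routinely.

```python
import json
from collections import Counter
from typing import Dict, Iterable, List
from urllib.parse import urlsplit

FORM_ENDPOINTS = ("/hub/spawn", "/hub/accept-share")

# Constructed sample log, one JSON object per request (not real traffic;
# the share code is a placeholder). The second line is a normal same-origin
# stylesheet load, the last line is deliberately malformed.
SAMPLE_LOG = """\
{"ts":"2026-05-23T10:01:02Z","ip":"198.51.100.7","method":"POST","path":"/hub/spawn/alice","status":302,"sec_fetch_mode":"navigate","sec_fetch_site":"same-origin"}
{"ts":"2026-05-23T10:01:05Z","ip":"198.51.100.7","method":"GET","path":"/hub/static/css/style.min.css","status":200,"sec_fetch_mode":"no-cors","sec_fetch_site":"same-origin"}
{"ts":"2026-05-23T10:02:41Z","ip":"203.0.113.9","method":"POST","path":"/hub/spawn/bob","status":302,"sec_fetch_mode":"no-cors","sec_fetch_site":"cross-site"}
{"ts":"2026-05-23T10:03:10Z","ip":"203.0.113.9","method":"POST","path":"/hub/accept-share?code=PLACEHOLDER","status":302,"sec_fetch_mode":"no-cors","sec_fetch_site":"cross-site"}
{"ts":"2026-05-23T10:04:00Z","ip":"192.0.2.4","method":"GET","path":"/hub/api/users","status":200,"sec_fetch_mode":"cors","sec_fetch_site":"same-origin"}
not json at all
"""


def is_form_endpoint(path: str) -> bool:
    """Match the two form endpoints, including sub-paths such as
    /hub/spawn/<user>, ignoring any query string."""
    bare = urlsplit(path).path
    return any(bare == ep or bare.startswith(ep + "/") for ep in FORM_ENDPOINTS)


def flag_no_cors_form_posts(lines: Iterable[str]) -> List[Dict]:
    """Return the records for POSTs to the form endpoints whose Sec-Fetch-Mode
    was no-cors. GETs and other paths are left alone; unparseable lines are
    skipped so one bad line does not abort the sweep."""
    flagged = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if str(rec.get("method", "")).upper() != "POST":
            continue
        if not is_form_endpoint(str(rec.get("path", ""))):
            continue
        if str(rec.get("sec_fetch_mode", "")).lower() != "no-cors":
            continue
        rec = dict(rec)
        rec["reason"] = (
            "no-cors POST to form endpoint, "
            f"Sec-Fetch-Site={rec.get('sec_fetch_site', 'absent')}"
        )
        flagged.append(rec)
    return flagged


def count_by_ip(flagged: Iterable[Dict]) -> Counter:
    """Group flagged requests by source address for follow-up."""
    return Counter(rec.get("ip", "unknown") for rec in flagged)


if __name__ == "__main__":
    hits = flag_no_cors_form_posts(SAMPLE_LOG.splitlines())
    for rec in hits:
        print(rec["ts"], rec["ip"], rec["path"], "->", rec["reason"])
    print(count_by_ip(hits))
```

On the sample, the two cross-site no-cors POSTs from 203.0.113.9 are flagged and the same-origin stylesheet load is not. The same scoping applies to the reverse-proxy mitigation: a rule that rejects every request carrying `Sec-Fetch-Mode: no-cors` would also reject those legitimate asset loads, so restrict it to POSTs on `/hub/spawn` and `/hub/accept-share`. A flagged request proves an attempt was made, not that it succeeded; pair it with the share-acceptance audit in the next bullet.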

Evidence notes

Vulnerability description and affected versions derived from official CVE record and GitHub Security Advisory. CVSS vector and score from NVD source data. Fix version and mitigation guidance confirmed via GitHub advisory.

Official resources

2026-05-22