CVE-2026-44727 is a critical vulnerability in Jupyter Server, a backend for Jupyter web applications. Prior to version 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. This, combined with nbconvert.HTMLExporter's default non-sanitizing behavior, allows a notebook carrying an HTML pa [truncated]
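The security-relevant point above is the Content-Security-Policy sandbox directive: a sandboxed document runs in an opaque origin, so script smuggled into rendered notebook HTML cannot reach the Jupyter session's cookies or API. The following is an added example, not code from jupyter_server or nbconvert, that classifies a response's headers by whether an enforced sandbox is actually in effect. The header sets are constructed for the example; the exact headers any Jupyter Server version sends are not assumed here.

```python
# Added illustration (not jupyter_server/nbconvert code): decide from response
# headers whether served HTML is origin-isolated by a CSP `sandbox` directive.
# All header sets below are constructed for the example, not captured from a server.
HEADERS = {
    "no_sandbox": {
        "Content-Security-Policy": "frame-ancestors 'self'; report-uri /csp-report",
    },
    "sandboxed": {
        "Content-Security-Policy": "sandbox allow-scripts; frame-ancestors 'self'",
    },
    "sandboxed_same_origin": {
        # allow-same-origin hands the Jupyter origin back to the sandboxed page,
        # which defeats the isolation the directive was meant to provide.
        "Content-Security-Policy": "sandbox allow-scripts allow-same-origin",
    },
    "report_only": {
        # Browsers ignore `sandbox` in the report-only header entirely.
        "Content-Security-Policy-Report-Only": "sandbox allow-scripts",
    },
    "duplicate_directive": {
        # A repeated directive name: browsers honour the first, ignore the rest.
        "Content-Security-Policy": "sandbox; sandbox allow-same-origin",
    },
    "two_policies": {
        # Two comma-separated policies are both enforced; sandbox flags are
        # restrictions, so the stricter one wins.
        "Content-Security-Policy": "sandbox allow-same-origin, sandbox allow-scripts",
    },
}


def parse_csp(value):
    """Parse one CSP policy string into {directive-name: [tokens]}.

    Directive names are case-insensitive. When a directive is repeated within
    one policy, only the first occurrence is kept, matching browser behaviour.
    """
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def sandbox_status(headers):
    """Classify the effective sandboxing of a document served with `headers`.

    Returns "isolated"    - an enforced sandbox without allow-same-origin: the
                            document gets an opaque origin,
            "same-origin" - sandbox present but allow-same-origin re-grants
                            the server's origin,
            "none"        - no enforced sandbox directive at all.
    """
    statuses = set()
    for name, value in headers.items():
        # Only the enforcing header counts; Report-Only never sandboxes.
        if name.lower() != "content-security-policy":
            continue
        # One header may carry several comma-separated policies; each is enforced.
        for policy_text in value.split(","):
            policy = parse_csp(policy_text)
            if "sandbox" not in policy:
                continue
            flags = {t.lower() for t in policy["sandbox"]}
            statuses.add("same-origin" if "allow-same-origin" in flags else "isolated")
    if "isolated" in statuses:
        return "isolated"
    if "same-origin" in statuses:
        return "same-origin"
    return "none"


def audit(header_sets):
    """Run sandbox_status over every constructed case; returns {case: status}."""
    return {case: sandbox_status(h) for case, h in header_sets.items()}
```

When checking a real deployment, fetch the rendered-HTML endpoint with an authenticated session and feed its response headers to sandbox_status; anything other than "isolated" means untrusted notebook HTML is executing with the server's origin, which is the condition the advisory describes.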
CVE-2026-40934 is a session-revocation weakness in Jupyter Server versions 2.17.0 and earlier. Because the secret used to sign authentication cookies is stored in a static runtime file and is not rotated when a user changes their password, previously issued cookies can remain valid after a password reset and server restart. The issue is fixed in Jupyter Server 2.18.0.
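The mechanism matters more than the version numbers: a signed cookie stays valid as long as the key that signed it stays the same, so a password change that does not touch the key revokes nothing. Below is an added example, not jupyter_server or Tornado code, that models an HMAC-signed login cookie with the signing secret kept in persistent runtime state, and contrasts a password change that leaves the secret alone with one that rotates it. The cookie layout, the state dictionary standing in for the runtime file, and the user name are all constructed for the example; the page does not say how 2.18.0 implements its fix, and this code does not claim to.

```python
import hashlib
import hmac
import secrets

# Added illustration, not jupyter_server or Tornado code. The `state` dict stands
# in for a runtime file that survives server restarts; the cookie format and the
# user "alice" are constructed for the example.


def sign_cookie(secret, user, issued_at):
    """Return "user|issued_at|hmac-sha256" signed with `secret` (bytes)."""
    payload = f"{user}|{issued_at}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cookie(secret, cookie):
    """Return the user name if `cookie` carries a valid tag under `secret`, else None."""
    try:
        user, issued_at, tag = cookie.rsplit("|", 2)
    except ValueError:
        return None
    expected = hmac.new(secret, f"{user}|{issued_at}".encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(tag, expected) else None


def _password_record(password):
    # Password hashing itself is out of scope here; a plain digest stands in
    # for whatever verifier the server stores.
    return hashlib.sha256(password.encode()).hexdigest()


def new_runtime_state(password):
    """First start: generate the cookie secret once and persist it with the password record."""
    return {"cookie_secret": secrets.token_bytes(32), "password_hash": _password_record(password)}


def change_password_without_rotation(state, new_password):
    """The weak behaviour described above: the password changes, the cookie secret does not."""
    state["password_hash"] = _password_record(new_password)


def change_password_with_rotation(state, new_password):
    """Hardened variant: a fresh secret makes every cookie issued under the old one fail verification."""
    state["password_hash"] = _password_record(new_password)
    state["cookie_secret"] = secrets.token_bytes(32)


def restart(state):
    """A restart reloads whatever the runtime file holds; it does not mint a new secret."""
    return dict(state)


def cookie_survives_password_change(change_password):
    """Issue a cookie, change the password, restart, then test whether the old cookie still logs in."""
    state = new_runtime_state("old-password")
    old_cookie = sign_cookie(state["cookie_secret"], "alice", 1_700_000_000)
    change_password(state, "new-password")
    state = restart(state)
    return verify_cookie(state["cookie_secret"], old_cookie) == "alice"
```

Rotating a single server-wide secret revokes every session on the server, not only the one whose password changed; binding a per-user session version into the signed payload and bumping it on password change is the finer-grained alternative. Either way, a cookie expiry alone does not close this gap, since the attacker's copy is valid until it expires.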
CVE-2026-40110 is a Jupyter Server origin-validation flaw that can let an attacker bypass CORS restrictions when allow_origin_pat is used. The issue exists in Jupyter Server 2.17.0 and earlier because the Origin header check uses Python re.match(), which anchors the pattern only at the start of the string: unless the pattern itself ends in an end-of-string anchor, any longer Origin value that begins with an allowed origin also matches, rather than the whole-string match the setting implies. As a result, a pattern meant to allow trusted.example.com can also match attac [truncated]
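The prefix-anchoring behaviour of re.match is easy to see in isolation. This is an added example, not jupyter_server's origin check: ALLOW_PAT stands in for an operator's allow_origin_pat value, ALT_PAT for a pattern using alternation, and the Origin header values are constructed. It compares three checks: bare re.match, re.match with "$" appended, and re.fullmatch.

```python
import re

# Added illustration, not jupyter_server code. The patterns stand in for an
# operator's allow_origin_pat; the Origin values are constructed for the example.
ALLOW_PAT = r"https://trusted\.example\.com"
ALT_PAT = r"https://a\.example|https://b\.example"

ORIGINS = [
    "https://trusted.example.com",                             # the intended origin
    "https://trusted.example.com.attacker.example",            # allowed host as a prefix of another host
    "https://trusted.example.com:8443",                        # same host, different port: a different origin
    "https://attacker.example/?o=https://trusted.example.com", # allowed origin not at the start
]


def origin_allowed_match(pattern, origin):
    """Prefix check: re.match succeeds when the pattern matches at position 0, whatever follows."""
    return re.match(pattern, origin) is not None


def origin_allowed_dollar(pattern, origin):
    """Appending `$` closes the obvious hole, but `$` also matches just before a
    trailing newline, and with alternation it binds only to the last alternative."""
    return re.match(pattern + "$", origin) is not None


def origin_allowed_fullmatch(pattern, origin):
    """Whole-string check: the entire Origin value must match the pattern."""
    return re.fullmatch(pattern, origin) is not None


def classify(pattern, origins):
    """Evaluate all three checks over `origins`; returns {origin: (match, dollar, fullmatch)}."""
    return {
        o: (
            origin_allowed_match(pattern, o),
            origin_allowed_dollar(pattern, o),
            origin_allowed_fullmatch(pattern, o),
        )
        for o in origins
    }
```

re.fullmatch is the right primitive here because it treats the whole pattern as a unit; a hand-appended "$" is not equivalent when the operator's pattern contains "|", since "https://a\.example|https://b\.example$" still accepts any string that merely starts with https://a.example.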
CVE-2025-61669 is a medium-severity open redirect issue in Jupyter Server’s login flow. In affected versions through 2.17.0, an attacker can craft a login URL that redirects a user to an external site after authentication, which can be used for phishing and trust abuse. The issue is fixed in Jupyter Server 2.18.0.
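The defensive check a login handler needs is that the post-login destination is a path on this server, not a URL to somewhere else. The following is an added example, not jupyter_server's login handler: safe_redirect_target validates a candidate "next" value against a server URL prefix. The base_url argument stands in for the server's prefix and the candidate values are constructed; it goes beyond plain absolute URLs to the scheme-relative and backslash spellings browsers normalise to another host, and to path traversal out of the prefix.

```python
import posixpath
from urllib.parse import urlsplit

# Added illustration, not jupyter_server code. `base_url` stands in for the
# server's URL prefix; the candidate redirect targets are constructed.


def safe_redirect_target(next_url, base_url="/"):
    """Return `next_url` if it is a path on this server under `base_url`, else `base_url`.

    Refused: absolute URLs (any scheme, including javascript:), scheme-relative
    //host forms and the ///host and /\\host spellings browsers treat the same
    way, relative paths without a leading slash, and paths that traverse out of
    the prefix with "..".
    """
    base = "/" + base_url.strip("/") + "/" if base_url.strip("/") else "/"
    if not next_url:
        return base
    raw = next_url.strip()
    # "//host", "///host" and "/\host" all navigate off-site in browsers.
    if raw.startswith("//") or "\\" in raw:
        return base
    parts = urlsplit(raw)
    # Anything with a scheme or authority is not a local path. urlsplit also
    # drops embedded tab/newline characters, so "/\t/host" surfaces as netloc.
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return base
    # Collapse "/base/../x" so the prefix check below is on the resolved path.
    path = posixpath.normpath(parts.path)
    prefix = base.rstrip("/")
    if path != prefix and not path.startswith(prefix + "/"):
        return base
    target = path
    if parts.query:
        target += "?" + parts.query
    if parts.fragment:
        target += "#" + parts.fragment
    return target
```

The function returns a path, never a full URL, so the caller's redirect is always same-origin by construction; if the login page ever needs to send users to a different host, that destination belongs in server configuration, not in a request parameter.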