HIGH
jupyterlab
CVE published 2026-05-13
CVE-2026-42266
CVE-2026-42266 affects JupyterLab versions 4.0.0 through 4.5.6. The issue is an enforcement failure in the PyPI Extension Manager allow-list: allowed_extensions_uris was not correctly enforced, and the Extension Manager was not confined to packages listed on the default PyPI index. The issue is fixed in JupyterLab 4.5.7. Based on the published CVSS vector, this is a high-severity issue with network attack [truncated]