CVE-2026-39377
Path Traversal in Jupyter nbconvert Allows Arbitrary File Write
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupyter | nbconvert | From 6.5.0 (inclusive) to 7.17.1 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in nbconvert allows arbitrary file writes via path traversal, enabling attackers to overwrite critical files or inject malicious code on the filesystem accessible by the nbconvert process.
While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files and potentially alter system integrity could lead to violations of data integrity and security requirements mandated by these regulations.
Specifically, regulations like GDPR and HIPAA require protection of data integrity and prevention of unauthorized system modifications. This vulnerability could undermine those protections if exploited, potentially resulting in non-compliance.
Can you explain this vulnerability to me?
CVE-2026-39377 is a vulnerability in the nbconvert tool used to convert Jupyter notebooks to other formats. It affects versions 6.5 through 7.17.0 and allows attackers to write arbitrary files outside the intended output directory by exploiting crafted cell attachment filenames.
The vulnerability exists because the ExtractAttachmentsPreprocessor component passes attachment filenames directly to the filesystem without sanitizing them. This enables path traversal attacks, where an attacker can include sequences like "../" in filenames to control the destination path, filename, file extension, and file content.
How can this vulnerability impact me?
This vulnerability allows an attacker to write files with arbitrary content to any location on the filesystem accessible by the nbconvert process. This can lead to overwriting critical files or injecting malicious code.
The attack requires no privileges and has low complexity but does require user interaction, specifically processing a crafted notebook.
The impact is high on integrity since attackers can modify files, but it does not affect confidentiality or availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting Jupyter notebooks processed by nbconvert for crafted cell attachment filenames containing path traversal sequences such as "../".
Since the vulnerability involves arbitrary file writes via crafted attachment filenames, you can look for notebooks that include attachments with suspicious filenames that attempt to traverse directories.
There are no specific commands provided in the resources to detect this vulnerability automatically.
A manual approach could include searching notebook files for attachment filenames containing "../" or other path traversal patterns, for example using grep to list .ipynb files that contain both an "attachments" block and a traversal sequence (the two keys sit on separate lines in pretty-printed notebook JSON, so the file list is filtered rather than a single line):
- grep -rl '"attachments"' --include='*.ipynb' /path/to/notebooks | xargs grep -l '\.\./'
Additionally, monitoring filesystem writes by nbconvert processes for unexpected file creations outside the intended output directories could help detect exploitation attempts.
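A defender-side check that implements the manual search described above, added here as an example and not code from the advisory or the nbconvert project: it parses notebook JSON and flags cell attachment names that are not plain file names, a stricter rule than matching "../" alone, so it also catches absolute paths, drive letters and backslash traversal. The sample notebook is constructed for the example.

```python
import json
import os
import re
from typing import Dict, List

# Constructed sample notebook (not from the advisory): one benign attachment
# and one attachment name carrying the traversal sequence the CVE describes.
SAMPLE_NOTEBOOK = json.dumps({
    "cells": [
        {"cell_type": "markdown", "source": "![img](attachment:image.png)",
         "attachments": {"image.png": {"image/png": "iVBORw0KGgo="}}},
        {"cell_type": "markdown", "source": "",
         "attachments": {"../../outside.txt": {"text/plain": "b3ZlcndyaXR0ZW4="}}},
    ],
    "metadata": {}, "nbformat": 4, "nbformat_minor": 5,
})


def is_unsafe_attachment_name(name: str) -> bool:
    """True if `name` is anything other than a plain file name: empty,
    '.'/'..', absolute or drive-letter path, any path separator, or a '..'
    segment. Such a name must never be joined to an output directory as-is."""
    if not name or name in (".", ".."):
        return True
    if os.path.isabs(name) or re.match(r"^[A-Za-z]:", name):
        return True
    segments = re.split(r"[\\/]", name)          # handle both separators
    return len(segments) > 1 or ".." in segments


def scan_notebook(nb_text: str) -> Dict[int, List[str]]:
    """Parse notebook JSON and map cell index -> unsafe attachment names."""
    nb = json.loads(nb_text)
    findings: Dict[int, List[str]] = {}
    for idx, cell in enumerate(nb.get("cells", [])):
        # 'attachments' may be absent or null on a cell; treat both as empty.
        names = cell.get("attachments") or {}
        bad = [n for n in names if is_unsafe_attachment_name(n)]
        if bad:
            findings[idx] = bad
    return findings


if __name__ == "__main__":
    for idx, names in scan_notebook(SAMPLE_NOTEBOOK).items():
        print(f"cell {idx}: unsafe attachment name(s): {names}")
```

Run it over every .ipynb in a directory (for example with `pathlib.Path(root).rglob("*.ipynb")`) before handing the files to nbconvert; any non-empty result is worth a manual look.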
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade nbconvert to version 7.17.1 or later, where this vulnerability is patched.
As an immediate workaround, you can disable the ExtractAttachmentsPreprocessor by setting the configuration option:
- c.ExtractAttachmentsPreprocessor.enabled = False
This disables the vulnerable component that processes attachment filenames without sanitization, preventing exploitation.