CVE-2026-39377
Received Received - Intake
Path Traversal in Jupyter nbconvert Allows Arbitrary File Write

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39377
EUVD
EUVD-2026-24023
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jupyter nbconvert From 6.5.0 (inc) to 7.17.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in nbconvert allows arbitrary file writes via path traversal, enabling attackers to overwrite critical files or inject malicious code on the filesystem accessible by the nbconvert process.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files and potentially alter system integrity could lead to violations of data integrity and security requirements mandated by these regulations.

Specifically, regulations like GDPR and HIPAA require protection of data integrity and prevention of unauthorized system modifications. This vulnerability could undermine those protections if exploited, potentially resulting in non-compliance.

Executive Summary

CVE-2026-39377 is a vulnerability in the nbconvert tool used to convert Jupyter notebooks to other formats. It affects versions 6.5 through 7.17.0 and allows attackers to write arbitrary files outside the intended output directory by exploiting crafted cell attachment filenames.

The vulnerability exists because the ExtractAttachmentsPreprocessor component passes attachment filenames directly to the filesystem without sanitizing them. This enables path traversal attacks, where an attacker can include sequences like "../" in filenames to control the destination path, filename, file extension, and file content.

Impact Analysis

This vulnerability allows an attacker to write files with arbitrary content to any location on the filesystem accessible by the nbconvert process. This can lead to overwriting critical files or injecting malicious code.

The attack requires no privileges and has low complexity but does require user interaction, specifically processing a crafted notebook.

The impact is high on integrity since attackers can modify files, but it does not affect confidentiality or availability.

Detection Guidance

This vulnerability can be detected by inspecting Jupyter notebooks processed by nbconvert for crafted cell attachment filenames containing path traversal sequences such as "../".

Since the vulnerability involves arbitrary file writes via crafted attachment filenames, you can look for notebooks that include attachments with suspicious filenames that attempt to traverse directories.

There are no specific commands provided in the resources to detect this vulnerability automatically.

A manual approach could include searching notebook files for attachment filenames containing "../" or other path traversal patterns, for example using grep:

  • grep -r '\.attachments' /path/to/notebooks | grep '\.\.\/'

Additionally, monitoring filesystem writes by nbconvert processes for unexpected file creations outside the intended output directories could help detect exploitation attempts.

Mitigation Strategies

The primary mitigation is to upgrade nbconvert to version 7.17.1 or later, where this vulnerability is patched.

As an immediate workaround, you can disable the ExtractAttachmentsPreprocessor by setting the configuration option:

  • c.ExtractAttachmentsPreprocessor.enabled = False

This disables the vulnerable component that processes attachment filenames without sanitization, preventing exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39377. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart