CVE-2026-39377
Received Received - Intake

Path Traversal in Jupyter nbconvert Allows Arbitrary File Write

Vulnerability report for CVE-2026-39377, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-21

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-21
Last Modified
2026-04-23
Generated
2026-07-06
AI Q&A
2026-04-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jupyter nbconvert From 6.5.0 (inc) to 7.17.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-39377 is a vulnerability in the nbconvert tool used to convert Jupyter notebooks to other formats. It affects versions 6.5 through 7.17.0 and allows attackers to write arbitrary files outside the intended output directory by exploiting crafted cell attachment filenames.

The vulnerability exists because the ExtractAttachmentsPreprocessor component passes attachment filenames directly to the filesystem without sanitizing them. This enables path traversal attacks, where an attacker can include sequences like "../" in filenames to control the destination path, filename, file extension, and file content.

Compliance Impact

The vulnerability in nbconvert allows arbitrary file writes via path traversal, enabling attackers to overwrite critical files or inject malicious code on the filesystem accessible by the nbconvert process.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files and potentially alter system integrity could lead to violations of data integrity and security requirements mandated by these regulations.

Specifically, regulations like GDPR and HIPAA require protection of data integrity and prevention of unauthorized system modifications. This vulnerability could undermine those protections if exploited, potentially resulting in non-compliance.

Impact Analysis

This vulnerability allows an attacker to write files with arbitrary content to any location on the filesystem accessible by the nbconvert process. This can lead to overwriting critical files or injecting malicious code.

The attack requires no privileges and has low complexity but does require user interaction, specifically processing a crafted notebook.

The impact is high on integrity since attackers can modify files, but it does not affect confidentiality or availability.

Detection Guidance

This vulnerability can be detected by inspecting Jupyter notebooks processed by nbconvert for crafted cell attachment filenames containing path traversal sequences such as "../".

Since the vulnerability involves arbitrary file writes via crafted attachment filenames, you can look for notebooks that include attachments with suspicious filenames that attempt to traverse directories.

There are no specific commands provided in the resources to detect this vulnerability automatically.

A manual approach could include searching notebook files for attachment filenames containing "../" or other path traversal patterns, for example using grep:

  • grep -r '\.attachments' /path/to/notebooks | grep '\.\.\/'

Additionally, monitoring filesystem writes by nbconvert processes for unexpected file creations outside the intended output directories could help detect exploitation attempts.

Mitigation Strategies

The primary mitigation is to upgrade nbconvert to version 7.17.1 or later, where this vulnerability is patched.

As an immediate workaround, you can disable the ExtractAttachmentsPreprocessor by setting the configuration option:

  • c.ExtractAttachmentsPreprocessor.enabled = False

This disables the vulnerable component that processes attachment filenames without sanitization, preventing exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39377. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart