CVE-2026-39378
Path Traversal in Jupyter nbconvert HTMLExporter Enables File Exfiltration
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupyter | nbconvert | From 6.5.0 (inc) to 7.17.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-39378 is a moderate severity vulnerability in the Python package nbconvert, specifically in versions 6.5 through 7.17.0. It occurs when the HTMLExporter component is used with the option `embed_images=True`.
In this mode, nbconvert's markdown renderer improperly handles image references, allowing an attacker to perform arbitrary file reads via path traversal. This means that a malicious Jupyter notebook can include specially crafted image references that cause nbconvert to read files outside the intended directory.
When nbconvert converts the notebook to HTML with image embedding enabled, it reads arbitrary files from the host filesystem and embeds their contents as base64-encoded data URIs in the output HTML, effectively exfiltrating sensitive files from the conversion host.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows unauthorized disclosure of sensitive files from the host system by embedding them into HTML output, which can lead to exfiltration of confidential data.
Such unauthorized data exposure can negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding sensitive personal and health information against unauthorized access and disclosure.
Therefore, exploitation of this vulnerability could result in violations of these regulations due to the potential leakage of protected data.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive files from the host where nbconvert is run.
An attacker can exploit this by providing a malicious Jupyter notebook that, when converted to HTML with image embedding enabled, causes nbconvert to read and embed arbitrary files from the filesystem.
The impact is a high confidentiality breach, as sensitive data can be exfiltrated without requiring any privileges or complex conditions, only user interaction to convert the malicious notebook.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the version of the nbconvert package installed on your system and whether the HTMLExporter is configured with `embed_images=True`.
- Run a command to check the nbconvert version, for example: `pip show nbconvert` or `pip list | grep nbconvert`.
- Inspect your nbconvert configuration or scripts to see if the HTMLExporter is used with the option `embed_images=True` enabled.
There are no specific network detection commands provided, but monitoring for conversion of untrusted notebooks with this setting enabled can help identify potential exploitation.
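The two checks above, as an added example that is not nbconvert's or the advisory's own code: a version test against the affected range stated in the table (6.5.0 inclusive to 7.17.1 exclusive) and a pre-conversion scan of a notebook's markdown cells for image references whose target would resolve outside the notebook's directory. The image-reference regex, the `escapes_notebook_dir` heuristic and the sample notebook are constructed here as assumptions about how such a reference would appear in markdown.

```python
# Added example (not nbconvert's or the advisory's own code): pre-conversion checks for CVE-2026-39378.
import json
import re
from pathlib import PurePosixPath

AFFECTED_MIN = (6, 5, 0)   # affected range from the advisory: 6.5.0 (inclusive) ...
FIXED_IN = (7, 17, 1)      # ... up to 7.17.1 (exclusive)
# Markdown image syntax ![alt](target "title"); capture the target up to ')' or whitespace.
_IMG_RE = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)")

def parse_version(v: str) -> tuple:  # '7.16.2' -> (7, 16, 2); pre-release suffixes are ignored
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])

def is_affected_version(v: str) -> bool:
    """True if this nbconvert version falls inside the vulnerable range."""
    return AFFECTED_MIN <= parse_version(v) < FIXED_IN

def escapes_notebook_dir(target: str) -> bool:
    """True if an image target could resolve outside the notebook's own directory."""
    if target.startswith(("http://", "https://", "data:")):
        return False  # remote and inline images are not read from the local disk
    p = PurePosixPath(target)
    return p.is_absolute() or ".." in p.parts

def suspicious_image_refs(nb_json: str) -> list:
    """(cell_index, target) for every markdown image ref that leaves the notebook dir."""
    hits = []
    for i, cell in enumerate(json.loads(nb_json).get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        src = cell.get("source", "")
        text = "".join(src) if isinstance(src, list) else src  # nbformat allows either form
        hits += [(i, t) for t in _IMG_RE.findall(text) if escapes_notebook_dir(t)]
    return hits

# Constructed sample notebook (hypothetical): one benign relative image, one traversal-style reference.
SAMPLE_NB = json.dumps({"cells": [
    {"cell_type": "markdown", "source": ["# Report\n", "![plot](figures/plot.png)"]},
    {"cell_type": "code", "source": ["print(1)"]},
    {"cell_type": "markdown", "source": "![x](../../outside-notebook-dir.txt)"},
]})

if __name__ == "__main__":
    from importlib.metadata import PackageNotFoundError, version
    try:
        print("installed nbconvert affected:", is_affected_version(version("nbconvert")))
    except PackageNotFoundError:
        print("nbconvert is not installed")
    print("suspicious image refs:", suspicious_image_refs(SAMPLE_NB))
```

The scanner only inspects markdown `![alt](target)` syntax; raw HTML `<img>` tags inside markdown cells are not covered, so treat a clean result as a hint, not proof, and rely on the version upgrade for the actual fix.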
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade nbconvert to version 7.17.1 or later where the issue is fixed.
Alternatively, ensure that the HTMLExporter option `embed_images` is not enabled, as it is disabled by default.