Compliance Impact

This vulnerability allows authenticated users to access, read, write, and delete files in sibling directories outside the configured root directory, potentially exposing sensitive data belonging to other users in multi-tenant environments.

Such unauthorized access and potential data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls on data confidentiality and integrity.

Therefore, if exploited, this vulnerability could compromise compliance with these standards by failing to adequately protect personal or sensitive information.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-35397 is a path traversal vulnerability in Jupyter Server versions 2.17.0 and earlier. It allows an authenticated user to escape the configured root directory and access sibling directories that share the same prefix as the root directory.

For example, if the root directory is named "test", an attacker can access a sibling directory named "testtest" by crafting a request to the /api/contents endpoint using encoded path components.

This vulnerability enables the attacker to read, write, and delete files in these sibling directories.

Multi-tenant deployments with predictable naming schemes (like user1, user2, etc.) are especially vulnerable, as a user with a directory named "user1" could access directories such as "user10" through "user19".

The issue was fixed in version 2.18.0, and as a workaround, users are advised to avoid folder names that share common prefixes with sibling directories.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a significant impact on confidentiality and integrity of data stored in Jupyter Server.

An attacker with authenticated access can read, modify, or delete files in sibling directories outside their authorized root directory.

In multi-tenant environments, this means one user could access or tamper with another user's files, potentially leading to data breaches or loss.

The vulnerability requires low privileges and no user interaction, making it easier to exploit.

The impact on availability is low, but the risk to data confidentiality and integrity is high.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves path traversal through the Jupyter Server REST API, specifically the /api/contents endpoint. Detection involves checking if authenticated users can access sibling directories that share a prefix with the configured root_dir.

One way to detect this is to attempt crafted API requests to /api/contents with encoded path components that try to access sibling directories with names starting with the root_dir prefix.

For example, if the root_dir is named "test", you can try sending authenticated HTTP requests to the server's /api/contents endpoint requesting paths like "testtest" or similar prefixes to see if access is granted.

Specific commands would depend on your environment, but a curl command example might be:

• curl -H "Authorization: token YOUR_AUTH_TOKEN" "http://your-jupyter-server/api/contents/testtest"

If the response returns directory contents or file data from the sibling directory, the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade Jupyter Server to version 2.18.0 or later, where this vulnerability is fixed.

As a workaround, ensure that folder names do not share a common prefix with any sibling directory to prevent unauthorized access via path traversal.

In multi-tenant deployments, avoid predictable naming schemes that allow users to guess sibling directory names.

Useful 0 Not Useful 0