CVE-2026-35397
Path Traversal in Jupyter Server REST API
Publication date: 2026-05-05
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupyter | jupyter_server | up to 2.18.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35397 is a path traversal vulnerability in Jupyter Server versions 2.17.0 and earlier. It allows an authenticated user to escape the configured root directory and access sibling directories that share the same prefix as the root directory.
For example, if the root directory is named "test", an attacker can access a sibling directory named "testtest" by crafting a request to the /api/contents endpoint using encoded path components.
This vulnerability enables the attacker to read, write, and delete files in these sibling directories.
Multi-tenant deployments with predictable naming schemes (like user1, user2, etc.) are especially vulnerable, as a user with a directory named "user1" could access directories such as "user10" through "user19".
The issue was fixed in version 2.18.0, and as a workaround, users are advised to avoid folder names that share common prefixes with sibling directories.
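The symptom described above, where only siblings sharing the root's name as a prefix become reachable, is the classic shape of a containment check that compares characters instead of path components. The following added example (not Jupyter Server's code; the root_dir and sibling names are constructed) contrasts that flawed prefix check with a component-wise check, after percent-decoding the request path the way an API handler must before validating it:

```python
import os
from urllib.parse import unquote

# Constructed example: a per-user root_dir named "test" beside a sibling "testtest".
ROOT_DIR = "/srv/notebooks/test"

def resolve_request_path(root_dir: str, api_path: str) -> str:
    """Map a path component from a /api/contents URL to an absolute filesystem path.
    The component is percent-decoded first so that encoded '..' or '/' cannot
    bypass a check that only inspects the raw string."""
    root_abs = os.path.abspath(root_dir)
    decoded = unquote(api_path)
    return os.path.normpath(os.path.join(root_abs, decoded))

def prefix_check(root_dir: str, api_path: str) -> bool:
    """Flawed containment check (illustrative CWE-22 pattern, assumed here, not
    Jupyter Server's implementation): a plain string-prefix comparison accepts
    /srv/notebooks/testtest because it starts with /srv/notebooks/test."""
    root_abs = os.path.abspath(root_dir)
    return resolve_request_path(root_dir, api_path).startswith(root_abs)

def component_check(root_dir: str, api_path: str) -> bool:
    """Correct containment check: compare whole path components, so the target
    passes only if it is the root itself or lies strictly beneath it."""
    root_abs = os.path.abspath(root_dir)
    target = resolve_request_path(root_dir, api_path)
    try:
        return os.path.commonpath([root_abs, target]) == root_abs
    except ValueError:  # different drives, or absolute/relative mix
        return False

if __name__ == "__main__":
    # Constructed test vectors: a legitimate file, then paths resolving to siblings.
    for p in ["notebook.ipynb", "..%2Ftesttest", "../testtest/secret.txt", "../other"]:
        print(f"{p!r:26} prefix_check={prefix_check(ROOT_DIR, p)!s:5} "
              f"component_check={component_check(ROOT_DIR, p)}")
```

The prefix check lets the two "testtest" vectors through while rejecting "../other", which matches the same-prefix-only behaviour the advisory describes; the component check rejects all three.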
How can this vulnerability impact me?
This vulnerability can have a significant impact on confidentiality and integrity of data stored in Jupyter Server.
An attacker with authenticated access can read, modify, or delete files in sibling directories outside their authorized root directory.
In multi-tenant environments, this means one user could access or tamper with another user's files, potentially leading to data breaches or loss.
The vulnerability requires low privileges and no user interaction, making it easier to exploit.
The impact on availability is low, but the risk to data confidentiality and integrity is high.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves path traversal through the Jupyter Server REST API, specifically the /api/contents endpoint. Detection involves checking if authenticated users can access sibling directories that share a prefix with the configured root_dir.
One way to detect this is to attempt crafted API requests to /api/contents with encoded path components that try to access sibling directories with names starting with the root_dir prefix.
For example, if the root_dir is named "test", you can try sending authenticated HTTP requests to the server's /api/contents endpoint requesting paths like "testtest" or similar prefixes to see if access is granted.
Specific commands would depend on your environment, but a curl command example might be:
- curl -H "Authorization: token YOUR_AUTH_TOKEN" "http://your-jupyter-server/api/contents/testtest"
If the response returns directory contents or file data from the sibling directory, the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Jupyter Server to version 2.18.0 or later, where this vulnerability is fixed.
As a workaround, ensure that folder names do not share a common prefix with any sibling directory to prevent unauthorized access via path traversal.
In multi-tenant deployments, avoid predictable naming schemes that allow users to guess sibling directory names.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows authenticated users to access, read, write, and delete files in sibling directories outside the configured root directory, potentially exposing sensitive data belonging to other users in multi-tenant environments.
Such unauthorized access and potential data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls on data confidentiality and integrity.
Therefore, if exploited, this vulnerability could compromise compliance with these standards by failing to adequately protect personal or sensitive information.