CVE-2026-44727
Received Received - Intake
Stored XSS in Jupyter Server via nbconvert HTML Output

Publication date: 2026-06-22

Last updated on: 2026-06-22

Assigner: GitHub, Inc.

Description
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-22
Last Modified
2026-06-22
Generated
2026-06-23
AI Q&A
2026-06-23
EPSS Evaluated
N/A
NVD
CVE-2026-44727
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jupyter jupyter_server to 2.20 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Jupyter Server versions prior to 2.20, specifically in the nbconvert HTTP handlers. These handlers render user-authored notebook HTML without including a sandbox directive in their Content-Security-Policy. Because the default behavior of nbconvert.HTMLExporter does not sanitize HTML content, a notebook containing malicious HTML payloads in display_data output can trigger stored cross-site scripting (XSS). This XSS allows attackers to access cookies, gain full authority over the /api/* endpoints, and execute remote code on the kernel.

Compliance Impact

This vulnerability allows stored cross-site scripting (XSS) with cookie access, full API authority, and remote code execution on the kernel. Such security flaws can lead to unauthorized access to sensitive data and system control, which may result in violations of data protection regulations like GDPR and HIPAA that require strict controls on data confidentiality and system integrity.

Specifically, the ability to access cookies and execute code remotely could expose personal or protected health information, undermining compliance with these standards.

Impact Analysis

The impact of this vulnerability is severe. An attacker can exploit the stored XSS to steal authentication cookies, which can lead to unauthorized access. They can also gain full control over the Jupyter Server API endpoints and execute arbitrary code on the kernel, potentially compromising the entire system running the Jupyter Server.

Mitigation Strategies

The vulnerability is fixed in Jupyter Server version 2.20. To mitigate this vulnerability, you should upgrade your jupyter_server to version 2.20 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44727. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart