CVE-2026-44180
Received Received - Intake

Privileged Kernel Execution in Jupyter Enterprise Gateway

Vulnerability report for CVE-2026-44180, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. Versions 2.0.0rc1 and above prior to 3.3.0 have a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root), and this restriction can be bypassed using a specially crafted KERNEL_UID or KERNEL_GID value. This input validation vulnerability allows running Jupyter kernels as root, which can be dangerous as it allows more attack surface, and may lead to container escapes, compromising the worker node and all workloads running on it. Repeated exploitation can compromise all worker nodes, and thus the entire Kubernetes cluster. It is possible to specify volume mounts, so one vector for a container escape is to use a hostPath R/W volume mount, use this UID/GID bypass to run as root, and then gain code execution in the underlying worker node by creating a crontab entry in the mounted host file system. This issue has been fixed in version 3.0.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
jupyter jupyter_enterprise_gateway to 3.3.0 (exc)
jupyter jupyter_enterprise_gateway From 2.0.0rc1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects Jupyter Enterprise Gateway, which runs remote Jupyter Notebook kernels on clusters like Kubernetes or Docker Swarm. Versions 2.0.0rc1 to 3.2.x have a feature that blocks launching kernels as root (UID/GID 0) by default. However, an attacker can bypass this restriction by crafting specific KERNEL_UID or KERNEL_GID values, allowing kernel execution as root. This grants elevated privileges, increasing attack surface and risk of container escapes.

Impact Analysis

Exploiting this flaw allows running Jupyter kernels as root, enabling attackers to escape containers and compromise worker nodes. This could lead to full control over the Kubernetes cluster, unauthorized access to data, and disruption of workloads. Attackers might also mount hostPath volumes to gain code execution in the underlying system.

Mitigation Strategies

Upgrade Jupyter Enterprise Gateway to version 3.3.0 or later to address the UID/GID bypass vulnerability. Ensure no running kernels are using root privileges and review any custom KERNEL_UID or KERNEL_GID configurations for suspicious values.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44180. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart