CVE-2026-44181
Received Received - Intake

Jupyter Enterprise Gateway SSTI Leads to Remote Code Execution

Vulnerability report for CVE-2026-44181, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount. This issue has been fixed in version 3.3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
jupyter enterprise_gateway to 3.3.0 (exc)
jupyter enterprise_gateway 3.3.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1336 The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Jupyter Enterprise Gateway versions 2.0.0rc2 to 3.2.x are vulnerable to Server Side Template Injection (SSTI) due to improper handling of environment variables (KERNEL_XXX) used in Kubernetes manifest rendering. Attackers can inject Jinja2 template expressions to execute arbitrary Python code and OS commands within the Enterprise Gateway service.

Detection Guidance

To detect this vulnerability, check if your Jupyter Enterprise Gateway version is between 2.0.0rc2 and 3.2.x. Run: kubectl get pods -n <namespace> -l app=enterprise-gateway to list pods. Then verify the version with: kubectl exec <pod-name> -- jupyter enterprisegateway --version. If the version is below 3.3.0, the system is vulnerable.

Impact Analysis

This vulnerability allows attackers to execute malicious code on the Enterprise Gateway service, potentially stealing Kubernetes service account tokens. Attackers could then access Kubernetes secrets, compromise the cluster by scheduling privileged pods, or mount hostPath volumes to gain full control over the system.

Mitigation Strategies

Upgrade Jupyter Enterprise Gateway to version 3.3.0 or later immediately. If upgrading is not possible, restrict network access to the Enterprise Gateway service and disable untrusted user access. Review Kubernetes service account permissions and remove unnecessary privileges to limit potential damage.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44181. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart