CVE-2026-35397: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in jupyter-server jupyter_server
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
AI Analysis
Technical Summary
CVE-2026-35397 is a path traversal vulnerability (CWE-22) in Jupyter Server's REST API affecting versions prior to 2.18.0. An authenticated user can exploit this flaw by crafting requests to the /api/contents endpoint with encoded path components to escape the configured root_dir and access sibling directories whose names begin with the same prefix as root_dir. This enables unauthorized file operations including reading, writing, and deleting files in those sibling directories. Multi-tenant deployments with predictable directory naming are especially vulnerable. Version 2.18.0 contains a fix for this issue.
Potential Impact
An authenticated user can bypass directory restrictions to access and manipulate files in sibling directories that share a prefix with the root directory. This could lead to unauthorized disclosure, modification, or deletion of files across tenant boundaries in multi-tenant environments. The CVSS 4.0 score is 7.6 (high severity), reflecting network attack vector, low attack complexity, and high impact on confidentiality and integrity.
Mitigation Recommendations
Version 2.18.0 of jupyter_server contains a fix for this vulnerability and should be applied to remediate the issue. Until the update can be applied, administrators should ensure that folder names do not share common prefixes with sibling directories to reduce the risk of exploitation.
CVE-2026-35397: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in jupyter-server jupyter_server
Description
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
CVSS v4.0
Score 7.6high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-35397 is a path traversal vulnerability (CWE-22) in Jupyter Server's REST API affecting versions prior to 2.18.0. An authenticated user can exploit this flaw by crafting requests to the /api/contents endpoint with encoded path components to escape the configured root_dir and access sibling directories whose names begin with the same prefix as root_dir. This enables unauthorized file operations including reading, writing, and deleting files in those sibling directories. Multi-tenant deployments with predictable directory naming are especially vulnerable. Version 2.18.0 contains a fix for this issue.
Potential Impact
An authenticated user can bypass directory restrictions to access and manipulate files in sibling directories that share a prefix with the root directory. This could lead to unauthorized disclosure, modification, or deletion of files across tenant boundaries in multi-tenant environments. The CVSS 4.0 score is 7.6 (high severity), reflecting network attack vector, low attack complexity, and high impact on confidentiality and integrity.
Mitigation Recommendations
Version 2.18.0 of jupyter_server contains a fix for this vulnerability and should be applied to remediate the issue. Until the update can be applied, administrators should ensure that folder names do not share common prefixes with sibling directories to reduce the risk of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T17:03:42.074Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fa4dc2cbff5d86102152b2
Added to database: 5/5/2026, 8:06:26 PM
Last enriched: 5/13/2026, 3:35:26 AM
Last updated: 6/20/2026, 8:43:54 AM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.