CVE-2026-40171: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in jupyter notebook
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click. An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.
AI Analysis
Technical Summary
CVE-2026-40171 is a high-severity stored cross-site scripting vulnerability (CWE-79) affecting Jupyter Notebook (7.0.0 to 7.5.5), JupyterLab (up to 4.5.6), and associated help-extension packages. The vulnerability is in the help command linker component, which can be chained with attacker-controlled notebook content to steal authentication tokens with a single user interaction. Exploitation allows an attacker to fully compromise the Jupyter session via the REST API, including file system access, code execution, and terminal creation. The vulnerability is fixed in Notebook 7.5.6, JupyterLab 4.5.7, and help-extension versions 7.5.6 and 4.5.7. Workarounds include disabling the vulnerable help extensions or setting allowCommandLinker to false in the sanitizer configuration. No known exploits in the wild have been reported at this time.
Potential Impact
Successful exploitation results in theft of the user's authentication token, enabling complete takeover of the Jupyter session through the REST API. This includes the ability to read and modify files, execute arbitrary code via kernels, and create terminals for shell access, posing a significant risk to confidentiality, integrity, and availability of the affected environment.
Mitigation Recommendations
A fix is available in Jupyter Notebook 7.5.6, JupyterLab 4.5.7, and the corresponding help-extension packages 7.5.6 and 4.5.7. Users should upgrade to these versions to remediate the vulnerability. As a temporary workaround, disabling the affected help extensions or setting allowCommandLinker to false in the sanitizer configuration can mitigate the risk until updates are applied.
CVE-2026-40171: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in jupyter notebook
Description
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with attacker-controlled notebook content to steal authentication tokens with a single click. An attacker can craft a malicious notebook file containing elements that appear indistinguishable from legitimate controls and trigger execution when a user interacts with them. Successful exploitation allows theft of the user's authentication token and complete takeover of the Jupyter session through the REST API, including reading files, creating or modifying files, accessing kernels to execute arbitrary code, and creating terminals for shell access. This issue has been fixed in Notebook 7.5.6, JupyterLab 4.5.7, @jupyter-notebook/help-extension 7.5.6, and @jupyterlab/help-extension 4.5.7. As a workaround, disable the affected help extensions or set allowCommandLinker to false in the sanitizer configuration.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40171 is a high-severity stored cross-site scripting vulnerability (CWE-79) affecting Jupyter Notebook (7.0.0 to 7.5.5), JupyterLab (up to 4.5.6), and associated help-extension packages. The vulnerability is in the help command linker component, which can be chained with attacker-controlled notebook content to steal authentication tokens with a single user interaction. Exploitation allows an attacker to fully compromise the Jupyter session via the REST API, including file system access, code execution, and terminal creation. The vulnerability is fixed in Notebook 7.5.6, JupyterLab 4.5.7, and help-extension versions 7.5.6 and 4.5.7. Workarounds include disabling the vulnerable help extensions or setting allowCommandLinker to false in the sanitizer configuration. No known exploits in the wild have been reported at this time.
Potential Impact
Successful exploitation results in theft of the user's authentication token, enabling complete takeover of the Jupyter session through the REST API. This includes the ability to read and modify files, execute arbitrary code via kernels, and create terminals for shell access, posing a significant risk to confidentiality, integrity, and availability of the affected environment.
Mitigation Recommendations
A fix is available in Jupyter Notebook 7.5.6, JupyterLab 4.5.7, and the corresponding help-extension packages 7.5.6 and 4.5.7. Users should upgrade to these versions to remediate the vulnerability. As a temporary workaround, disabling the affected help extensions or setting allowCommandLinker to false in the sanitizer configuration can mitigate the risk until updates are applied.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-09T19:31:56.015Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fb9bbdcbff5d8610414ea2
Added to database: 5/6/2026, 7:51:25 PM
Last enriched: 5/6/2026, 8:06:24 PM
Last updated: 5/7/2026, 8:13:13 AM
Views: 17
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.