CVE-2026-39377

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N                                    

Vulnerability Description

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch.

Vulnerability Details

Published Date

April 21, 2026

Last Modified

April 21, 2026

CWE ID

CWE-22

Source

NVD

Vendor

jupyter

Product

nbconvert

External References

https://github.com/jupyter/nbconvert/releases/tag/v7.17.1
https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg

CVE-2026-39377

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment