CVE-2026-42266
HIGH SEVERITY
CVSS Score & Metrics
Base Score
8.8 / 10
Vulnerability Description
JupyterHub has an Extension Manager API/GUI policy discrepancy that allows third-party (malicious) extensions to be installed via a POST request.
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
pip
Product
jupyterlab
External References
- https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4
- https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7
- https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html
- https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations
- https://github.com/advisories/GHSA-37w4-hwhx-4rc4