Description

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Severity (CVSS)

Base score9.3
SeverityCritical
VersionCVSS 4.0
VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Provided byCNA

Weaknesses

  • CWE-79 — CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-1021 — CWE-1021: Improper Restriction of Rendered UI Layers or Frames

Affected products

VendorProductVersions
jupyter-serverjupyter_server< 2.20

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 23 Jun 2026 10:05 UTC.