CVE-2026-44727
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
Description
The nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a `sandbox` directive in their `Content-Security-Policy`. Combined with `nbconvert.HTMLExporter`'s default non-sanitizing behavior, a notebook carrying an HTML payload in a `display_data` output triggers stored XSS with cookie access, full `/api/*` authority, and kernel RCE.

### Impact

An authenticated victim who navigates to `/nbconvert/html/<path>` for a notebook containing attacker-authored output can have their token exfiltrated to another domain, because that output is executed in the Jupyter origin.

### Patches

Fixed in v2.20.0, commit [6cbee8d](https://github.com/jupyter-server/jupyter_server/commit/6cbee8d65e71abac851c4492fea987ad080580bd)

### Workarounds

For deployments where editing the installed jupyter_server is impractical (containerized builds, read-only images), adding this to `jupyter_server_config.py` has the same effect as the patch above without touching source files:

```python
import jupyter_server.nbconvert.handlers as _nb


def _sandboxed_csp(cls):
    # Build a property that appends a sandbox directive to the CSP the
    # handler's base class already emits. The base class is captured
    # explicitly (rather than via type(self)) so that a subclass of the
    # handler does not resolve back to this property and recurse.
    def _csp(self):
        return super(cls, self).content_security_policy + "; sandbox allow-scripts"

    return property(_csp)


# Override the CSP on both nbconvert handlers; without allow-same-origin the
# rendered HTML runs in an opaque origin and cannot read the Jupyter cookies.
_nb.NbconvertFileHandler.content_security_policy = _sandboxed_csp(_nb.NbconvertFileHandler)
_nb.NbconvertPostHandler.content_security_policy = _sandboxed_csp(_nb.NbconvertPostHandler)
```
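To confirm that a deployment (patched, or patched via the workaround) actually serves a sandboxing policy on the nbconvert endpoints, the following check parses a `Content-Security-Policy` header and verifies that a `sandbox` directive is present and is not undone by `allow-same-origin`. This is an added example written for this page, not code from jupyter_server or from the advisory; the `base_url`, `token` and `notebook_path` arguments of `check_nbconvert_endpoint` are operator-supplied assumptions, and the two sample headers are constructed (the first mirrors the shape of the default JupyterHandler policy, the second the patched form).

```python
"""Evaluate whether a Jupyter Server nbconvert response sandboxes the HTML it
renders (added example, not jupyter_server code)."""
from typing import Dict, List, Tuple
from urllib.request import Request, urlopen


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Parse a Content-Security-Policy header into {directive: [tokens]}.

    Directives are ';'-separated and tokens whitespace-separated. When a
    directive appears more than once only the first occurrence is kept,
    matching how browsers treat duplicate directives."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def csp_sandboxes_content(header: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a CSP header served on /nbconvert/html/<path>.

    ok is True only when a `sandbox` directive exists and it does not re-grant
    the page its origin (allow-same-origin together with allow-scripts)."""
    policy = parse_csp(header)
    if "sandbox" not in policy:
        return False, "no sandbox directive: rendered HTML runs in the Jupyter origin"
    flags = {t.lower() for t in policy["sandbox"]}
    if "allow-same-origin" in flags and "allow-scripts" in flags:
        return False, "sandbox grants allow-same-origin with allow-scripts: isolation defeated"
    return True, "sandbox directive present: scripts run in an opaque origin"


def check_nbconvert_endpoint(base_url: str, token: str, notebook_path: str) -> Tuple[bool, str]:
    """Fetch /nbconvert/html/<notebook_path> from a live server and evaluate its CSP.

    base_url, token and notebook_path are assumptions supplied by the operator;
    this function performs a network request and is not run offline."""
    url = f"{base_url.rstrip('/')}/nbconvert/html/{notebook_path.lstrip('/')}"
    req = Request(url, headers={"Authorization": f"token {token}"})
    with urlopen(req, timeout=10) as resp:
        header = resp.headers.get("Content-Security-Policy", "")
    return csp_sandboxes_content(header)


# Constructed sample headers for offline use: UNPATCHED_CSP mirrors the shape
# of the default JupyterHandler policy, PATCHED_CSP the form after the fix.
UNPATCHED_CSP = "frame-ancestors 'self'; report-uri /api/security/csp-report"
PATCHED_CSP = UNPATCHED_CSP + "; sandbox allow-scripts"

if __name__ == "__main__":
    for label, hdr in (("unpatched", UNPATCHED_CSP), ("patched", PATCHED_CSP)):
        ok, reason = csp_sandboxes_content(hdr)
        print(f"{label}: {'OK' if ok else 'VULNERABLE'} - {reason}")
```

The `allow-same-origin` check matters because a `sandbox` directive that grants both `allow-scripts` and `allow-same-origin` lets the page remove its own sandboxing, so such a header would pass a naive "contains sandbox" test while providing no isolation.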
How to fix CVE-2026-44727
To fix CVE-2026-44727, upgrade the affected package to the patched version listed below.
- — Upgrade to 2.20.0 or later
Is CVE-2026-44727 being exploited?
There are currently no signs of exploitation. CVE-2026-44727 is neither listed in CISA KEV nor has a recent EPSS score.
Affected packages (1)
- from 0, < 2.20.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |