CVE-2026-33709

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions JupyterHub versions prior to 5.4.4

Description A flaw in JupyterHub allows attackers to create links that redirect users to a JupyterHub login page, and then to an attacker-controlled site instead of a legitimate JupyterHub page. This bypasses JupyterHub's security checks.

Recommendations Upgrade to JupyterHub version 5.4.4.

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

BIT-JUPYTERHUB-2026-33709

CVE-2026-33709

GHSA-3VFF-HJQV-M7H8

Affected Products

Jupyterhub

CVE-2026-33709

Weakness Enumeration

Related Identifiers

Affected Products

References · 11