PT-2026-33879 · Nbconvert · Nconvert

Published: 2026-04-21 · Updated: 2026-05-09 · CVE-2026-39378

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: nbconvert versions 6.5 through 7.17.0

Description: The nbconvert tool converts Jupyter notebooks to various formats using Jinja templates. When the HTMLExporter.embed_images variable is set to True, the markdown renderer allows arbitrary file read through path traversal in image references. This allows a malicious notebook to exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML.

Recommendations: Update to version 7.17.1. As a temporary workaround, do not enable the HTMLExporter.embed_images variable.
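
A pre-conversion check for the issue described above, as an added example (not nbconvert's fix and not code from this advisory): it flags image references in markdown cells that resolve outside the notebook's own directory. The function names, regexes and sample notebook are constructed for illustration; the regexes only approximate Markdown parsing, and POSIX paths and Python 3.9+ are assumed.

```python
import json
import re
import sys
from pathlib import Path
from urllib.parse import unquote, urlparse

MD_IMG = re.compile(r'!\[[^\]]*\]\(\s*<?([^)\s>]+)')  # ![alt](target "title")
HTML_IMG = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

# Constructed sample notebook (nbformat v4 layout), not taken from the advisory.
SAMPLE_NB = {"nbformat": 4, "cells": [
    {"cell_type": "markdown", "source": ["![logo](images/logo.png)\n",
                                         "![r](https://example.com/a.png)"]},
    {"cell_type": "markdown", "source": "![x](../../outside/notes.txt)"},
    {"cell_type": "code", "source": "print('![y](../ignored.txt)')"},
    {"cell_type": "markdown", "source": '<img src="/srv/other/key.txt">'},
]}


def image_targets(nb):
    """Yield (cell_index, target) for image references in markdown cells."""
    for i, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        src = cell.get("source", "")
        text = "".join(src) if isinstance(src, list) else src
        for rx in (MD_IMG, HTML_IMG):
            for m in rx.finditer(text):
                yield i, m.group(1)


def escapes_base(target, base_dir):
    """True if a local image target resolves outside base_dir."""
    parsed = urlparse(target)
    if parsed.scheme and parsed.scheme != "file":
        return False  # http(s), data:, attachment: are not local paths; out of scope
    base = Path(base_dir).resolve()
    # An absolute path replaces base; resolve() collapses ".." and follows symlinks.
    resolved = (base / unquote(parsed.path)).resolve()
    return not resolved.is_relative_to(base)


def audit_notebook(nb, base_dir):
    """Return [(cell_index, target)] for references that leave base_dir."""
    return [(i, t) for i, t in image_targets(nb) if escapes_base(t, base_dir)]


if __name__ == "__main__":
    nb_path = Path(sys.argv[1])
    for idx, tgt in audit_notebook(json.loads(nb_path.read_text("utf-8")), nb_path.parent):
        print(f"cell {idx}: image reference leaves notebook directory: {tgt}")
```

Run it against untrusted notebooks before any conversion that has HTMLExporter.embed_images enabled; a non-empty result is a reason to reject the notebook or convert it without embedding.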

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-39378
GHSA-7JQV-FW35-GMX9
OESA-2026-2195
OESA-2026-2196
OESA-2026-2215
OPENSUSE-SU-2026:10603-1

Affected Products

Nconvert