PT-2026-38276 · Project Jupyter · Jupyter Notebook, JupyterLab

Published: 2026-05-06 · Updated: 2026-05-15 · CVE-2026-42557

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JupyterLab versions prior to 4.5.7
Jupyter Notebook versions prior to 7.5.6
Description
The HTML sanitizer allowlists the data-commandlinker-command and data-commandlinker-args attributes on button elements. Because CommandLinker listens for all click events on document.body and executes the named command without verifying whether the clicked element originated from trusted UI, a notebook whose pre-saved HTML cell output contains a deceptive button can trigger arbitrary commands. This can lead to arbitrary code execution, file deletion, or denial of service on the server (for example by opening multiple kernels or terminals) from a single user click. In Chromium-based browsers, multi-click attacks combined with clipboard access may allow full terminal access. The attack surface may be larger in environments with third-party frontend extensions that provide additional commands.
Recommendations
Update JupyterLab to version 4.5.7 or newer.
Update Jupyter Notebook to version 7.5.6 or newer.
For downstream applications inheriting from JupyterFrontEnd or JupyterLab, disable CommandLinker by passing the option commandLinker: new CommandLinker({ commands: new CommandRegistry() }) during initialization.
Alternatively, disable the command linker via overrides.json by setting allowCommandLinker to false under the @jupyterlab/apputils-extension:sanitizer key.
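The following script is an added example written for this advisory; it is not code from the Jupyter project. It covers two defender tasks that the description and the recommendations above imply: checking whether a deployment's overrides.json actually sets allowCommandLinker to false under @jupyterlab/apputils-extension:sanitizer, and triaging notebooks whose pre-saved text/html outputs carry the data-commandlinker-command or data-commandlinker-args attributes the sanitizer allowlists. Only those attribute names and the settings key come from the advisory; the sample notebook, the override documents, and the placeholder command value "example:placeholder" are constructed for the example.

```python
"""Defender-side checks related to CVE-2026-42557 (CommandLinker abuse via HTML output).

Added example, not Jupyter project code. Assumes only what the advisory states:
the sanitizer allowlists data-commandlinker-command / data-commandlinker-args,
and the mitigation sets allowCommandLinker to false under the
"@jupyterlab/apputils-extension:sanitizer" key in overrides.json.
All sample documents below are constructed for this example.
"""
from html.parser import HTMLParser
from typing import Any, Dict, List

SANITIZER_KEY = "@jupyterlab/apputils-extension:sanitizer"
LINKER_ATTRS = ("data-commandlinker-command", "data-commandlinker-args")


def linker_disabled(overrides: Dict[str, Any]) -> bool:
    """True only if overrides.json explicitly sets allowCommandLinker to false."""
    section = overrides.get(SANITIZER_KEY, {})
    return section.get("allowCommandLinker") is False


class _LinkerAttrFinder(HTMLParser):
    """Collect every element in an HTML fragment that carries a CommandLinker attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs: List) -> None:
        attr_map = {name.lower(): (value or "") for name, value in attrs}
        if any(name in attr_map for name in LINKER_ATTRS):
            record = {"tag": tag}
            for name in LINKER_ATTRS:
                record[name] = attr_map.get(name, "")
            self.hits.append(record)


def find_linker_outputs(notebook: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Scan pre-saved text/html outputs of an nbformat notebook for CommandLinker attributes.

    Returns one record per offending element (cell index, tag, attribute values)
    so a reviewer can triage a notebook before opening it in an unpatched frontend.
    """
    findings: List[Dict[str, Any]] = []
    for idx, cell in enumerate(notebook.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        for output in cell.get("outputs", []):
            html = output.get("data", {}).get("text/html")
            if html is None:
                continue
            if isinstance(html, list):  # nbformat may store multi-line text as a list
                html = "".join(html)
            finder = _LinkerAttrFinder()
            finder.feed(html)
            for hit in finder.hits:
                findings.append({"cell": idx, **hit})
    return findings


# Constructed sample data (not real notebooks or deployments).
SAMPLE_NOTEBOOK: Dict[str, Any] = {
    "cells": [
        {"cell_type": "markdown", "source": "# Report"},
        {"cell_type": "code", "source": "x = 1", "outputs": [
            {"output_type": "display_data",
             "data": {"text/html": ["<p>Plain output</p>"]}}]},
        {"cell_type": "code", "source": "", "outputs": [
            {"output_type": "display_data",
             "data": {"text/html": "<button data-commandlinker-command=\"example:placeholder\" "
                                   "data-commandlinker-args='{\"k\": 1}'>Open</button>"}}]},
    ]
}
SAMPLE_OVERRIDES_HARDENED = {SANITIZER_KEY: {"allowCommandLinker": False}}
SAMPLE_OVERRIDES_DEFAULT: Dict[str, Any] = {}  # key absent: linker left enabled


if __name__ == "__main__":
    for label, doc in (("hardened", SAMPLE_OVERRIDES_HARDENED),
                       ("default", SAMPLE_OVERRIDES_DEFAULT)):
        print(f"overrides.json ({label}): command linker disabled = {linker_disabled(doc)}")
    for finding in find_linker_outputs(SAMPLE_NOTEBOOK):
        print(f"cell {finding['cell']}: <{finding['tag']}> "
              f"command={finding['data-commandlinker-command']!r} "
              f"args={finding['data-commandlinker-args']!r}")
```

In a real deployment, load overrides.json and each .ipynb with json.load and pass the resulting dicts to the two functions; a finding from find_linker_outputs is a reason to review the notebook's HTML outputs, and a False from linker_disabled on an unpatched version means the overrides.json mitigation is not in effect.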

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-JUPYTER-BASE-NOTEBOOK-2026-42557
BIT-JUPYTER-NOTEBOOK-2026-42557
BIT-JUPYTERLAB-2026-42557
CVE-2026-42557
GHSA-MQCG-5X36-VFCG
OPENSUSE-SU-2026:10748-1
OPENSUSE-SU-2026:10749-1

Affected Products

Jupyter Notebook
JupyterLab