PT-2026-50718 · Pypi · Jupyter Server

Published 2026-06-18 · Updated 2026-06-18 · CVE-2026-44727

CVSS v4.0: 9.3 Critical

Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: jupyter-server versions prior to 2.20.0

Description: The nbconvert HTTP handlers render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy (CSP), the browser policy header that restricts what a page may load and execute and thereby helps mitigate certain classes of attack. Combined with the default non-sanitizing behavior of nbconvert.HTMLExporter, a notebook containing an HTML payload in a display data output triggers stored Cross-Site Scripting (XSS). This allows an authenticated attacker to achieve full session takeover, token exfiltration to another domain, and kernel Remote Code Execution (RCE). The issue is triggered when a victim navigates to the endpoint "/nbconvert/html/".

Recommendations: Update to version 2.20.0. As a temporary workaround, add the following to jupyter_server_config.py to apply a sandbox directive to the nbconvert handlers (the property override appends "; sandbox allow-scripts" to the CSP value the base handler already emits):

```python
import jupyter_server.nbconvert.handlers as nb


def _csp(self):
    # Extend the CSP inherited from the base Jupyter handler with a sandbox directive.
    return super(type(self), self).content_security_policy + "; sandbox allow-scripts"


nb.NbconvertFileHandler.content_security_policy = property(_csp)
nb.NbconvertPostHandler.content_security_policy = property(_csp)
```
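Added example, not part of the advisory or of the jupyter-server project: a check an operator can run on the Content-Security-Policy value returned by the nbconvert endpoint (for instance copied from the response headers after applying the workaround), verifying that a sandbox directive is present and that it does not re-grant allow-same-origin, which would let injected script reach the Jupyter origin again. The three header values are constructed samples.

```python
"""Verify that the CSP served for rendered notebook HTML actually sandboxes it.

A 'sandbox' directive without 'allow-same-origin' gives the document an opaque
origin, so script injected through a notebook output cannot read the Jupyter
session cookie or token, nor call the kernel API as the victim.
"""

# Constructed sample header values (not captured from a real server).
CSP_BEFORE = "frame-ancestors 'self'; report-uri /api/security/csp-report"
CSP_AFTER = CSP_BEFORE + "; sandbox allow-scripts"
CSP_WEAK = CSP_BEFORE + "; sandbox allow-scripts allow-same-origin"


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header value into {directive: [tokens]}.

    Directives are ';'-separated; tokens within one are whitespace-separated.
    Per the CSP spec a repeated directive name is ignored, so the first wins.
    """
    directives: dict[str, list[str]] = {}
    for raw in header.split(";"):
        tokens = raw.strip().split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def sandbox_is_effective(header: str) -> tuple[bool, str]:
    """Return (ok, reason) for the nbconvert sandbox mitigation."""
    csp = parse_csp(header)
    if "sandbox" not in csp:
        return False, "no sandbox directive: notebook HTML runs in the Jupyter origin"
    flags = {f.lower() for f in csp["sandbox"]}
    if "allow-same-origin" in flags:
        return False, "allow-same-origin re-grants the Jupyter origin to injected script"
    return True, "sandboxed: rendered notebook has an opaque origin"


if __name__ == "__main__":
    for label, value in (("before", CSP_BEFORE), ("after", CSP_AFTER), ("weak", CSP_WEAK)):
        ok, reason = sandbox_is_effective(value)
        print(f"{label:7} {'OK  ' if ok else 'FAIL'} {reason}")
```

The sandbox directive is only honoured when delivered as an HTTP response header, not via a `<meta>` tag, so feed this check the response headers rather than anything found in the rendered page.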

Fix · XSS · Clickjacking

Related Identifiers

CVE-2026-44727
GHSA-FCW5-X6J4-CCMP

Affected Products

Jupyter Server