CVE-2026-33709

GHSA-3vff-hjqv-m7h8 MEDIUM
Published April 3, 2026


Affected Systems

| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| jupyterhub | pip | <= 5.4.3 | 5.4.4 |

Severity & Risk

CVSS 3.1: N/A
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: N/A

Recommended Action

Patch available

Update jupyterhub to version 5.4.4

Technical Details

NVD Description

## Affected Version

JupyterHub <= 5.4.3

## Impact

An open redirect vulnerability in JupyterHub <=5.4.3 allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrary attacker-controlled site outside JupyterHub instead of a JupyterHub page, bypassing JupyterHub's check to prevent this.

## Patches

Upgrade to JupyterHub 5.4.4

## Workarounds

A deployment can apply filters on the Location header in a reverse proxy such as nginx/apache/traefik.
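
The Location-header check that the workaround describes, sketched in Python as an added example (not JupyterHub's or any proxy's own code). The origin `hub.example.org`, the fallback `/hub/home` and the function names are assumptions, and the sample values are constructed generic forms, not the bypass from this advisory.

```python
from urllib.parse import urlsplit

# Assumptions (hypothetical deployment values): the hub's public origin and
# a safe landing page inside the hub to use when a redirect is rejected.
HUB_ORIGIN = ("https", "hub.example.org")
FALLBACK = "/hub/home"

_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def stays_on_hub(location, origin=HUB_ORIGIN):
    """True if a browser following this Location value stays on the hub origin."""
    # Normalise the way browsers do before parsing: trim leading/trailing
    # control characters and spaces, drop tab/CR/LF, treat "\" as "/".
    cleaned = location.strip(_C0_AND_SPACE)
    for ch in "\t\r\n":
        cleaned = cleaned.replace(ch, "")
    cleaned = cleaned.replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: must match the hub origin exactly
        # (an explicit port or userinfo is rejected, which is conservative).
        return (parts.scheme.lower(), parts.netloc.lower()) == origin
    # No scheme and no authority: accept only a rooted path.
    return cleaned.startswith("/")


def filter_location(status, headers):
    """Rewrite an off-hub Location on 3xx responses; return (headers, changed)."""
    location = headers.get("Location")
    if not (300 <= status < 400) or location is None or stays_on_hub(location):
        return headers, False
    return {**headers, "Location": FALLBACK}, True


if __name__ == "__main__":
    # Constructed sample responses, as (status, Location) pairs.
    samples = [(302, "/hub/home"), (302, "https://hub.example.org/hub/spawn"),
               (302, "//other.example/x"), (302, "https://other.example/")]
    for status, loc in samples:
        headers, changed = filter_location(status, {"Location": loc})
        print(status, repr(loc), "->", headers["Location"], "(rewritten)" if changed else "")
```

The check is an allowlist: anything that is not a rooted path or an exact match of the hub origin is rewritten, so legitimate redirects to other origins (for example an external OAuth provider) would need to be added to it explicitly.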

Timeline

Published: April 3, 2026
Last Modified: April 3, 2026
First Seen: April 4, 2026