JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.
What is the risk?
Medium severity (CVSS 5.9) with high attack complexity gated on possessing a valid LTI consumer key. In practice, consumer keys in academic and enterprise Jupyter deployments are often weakly controlled — hardcoded in LMS configs, shared across teams, or exposed in public repositories — lowering the real-world bar significantly. Impact is purely availability; no confidentiality or integrity risk. Not in CISA KEV, no known active exploitation.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| Jupyter | pip | <= 1.6.2 | 1.6.3 |
Do you use Jupyter? You're affected.
How severe is it?
What is the attack surface?
What should I do?
5 steps-
Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix.
-
Rotate all LTI consumer keys immediately as a precaution in case keys are compromised.
-
If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits.
-
Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline).
-
Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.
What does CISA's SSVC say?
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
How is it classified?
Which compliance frameworks are affected?
This CVE is relevant to:
Frequently Asked Questions
What is CVE-2026-34052?
JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.
Is CVE-2026-34052 actively exploited?
No confirmed active exploitation of CVE-2026-34052 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-34052?
1. Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix. 2. Rotate all LTI consumer keys immediately as a precaution in case keys are compromised. 3. If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits. 4. Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline). 5. Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.
What systems are affected by CVE-2026-34052?
This vulnerability affects the following AI/ML architecture patterns: ML development environments, training pipelines, collaborative AI platforms.
What is the CVSS score for CVE-2026-34052?
CVE-2026-34052 has a CVSS v3.1 base score of 5.9 (MEDIUM). The EPSS exploitation probability is 0.33%.
What is the AI security impact?
Affected AI Architectures
MITRE ATLAS Techniques
AML.T0029 Denial of AI Service AML.T0034 Cost Harvesting AML.T0049 Exploit Public-Facing Application Compliance Controls Affected
What are the technical details?
Original Advisory
## Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. ## Patches - upgrade jupyterhub-litauthenticator to 1.6.3
Exploitation Scenario
Attacker obtains a valid LTI consumer key via phishing a faculty member, finding it hardcoded in a public GitHub repo, or extracting it from a misconfigured LMS. They script a high-volume loop sending LTI 1.1 launch requests to JupyterHub with unique OAuth nonces on each request. Each nonce is stored in the class-level dictionary before signature validation runs, meaning even malformed requests pollute memory. After thousands of requests, the JupyterHub process exhausts available RAM, the server crashes, and all active ML sessions — including long-running training jobs — are terminated simultaneously.
Weaknesses (CWE)
CWE-401 Missing Release of Memory after Effective Lifetime
Primary
CWE-770 Allocation of Resources Without Limits or Throttling
Primary
CWE-401 — Missing Release of Memory after Effective Lifetime: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
- [Implementation] Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
- [Architecture and Design] Use an abstraction library to abstract away risky APIs. Not a complete solution.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References
Timeline
Related Vulnerabilities
CVE-2023-25574 10.0 JupyterHub LTI13: JWT forgery enables full auth bypass
Same package: jupyter CVE-2026-44180 9.8 Jupyter Enterprise Gateway: root privilege bypass in Kubernetes
Same package: jupyter CVE-2026-23537 9.1 Feast: unauth file write to RCE via /save-document
Same package: jupyter CVE-2026-44727 9.0 jupyter-server: stored XSS yields kernel RCE
Same package: jupyter CVE-2026-42557 8.8 JupyterLab: one-click RCE via notebook HTML cell output
Same package: jupyter