AI Threat Alert

CVE-2026-34052: ltiauthenticator: OAuth nonce leak causes server DoS

GHSA-8mxq-7xr7-2fxj MEDIUM
Published April 3, 2026
CISO Take

JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.

What is the risk?

Medium severity (CVSS 5.9) with high attack complexity gated on possessing a valid LTI consumer key. In practice, consumer keys in academic and enterprise Jupyter deployments are often weakly controlled — hardcoded in LMS configs, shared across teams, or exposed in public repositories — lowering the real-world bar significantly. Impact is purely availability; no confidentiality or integrity risk. Not in CISA KEV, no known active exploitation.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
jupyterhub-ltiauthenticator pip <= 1.6.2 1.6.3

Do you use jupyterhub-ltiauthenticator? You're affected.

Severity & Risk

CVSS 3.1
5.9 / 10
EPSS
0.1%
chance of exploitation in 30 days
Higher than 19% of all CVEs
Source: EPSS v3 — FIRST.org
Exploitation Status
No known exploitation
Sophistication
Moderate

Attack Surface

AV AC PR UI S C I A
AV Network
AC High
PR None
UI None
S Unchanged
C None
I None
A High

What should I do?

5 steps

  1. Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix.

  2. Rotate all LTI consumer keys immediately as a precaution in case keys are compromised.

  3. If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits.

  4. Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline).

  5. Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.

CISA SSVC Assessment

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

DoS Framework AML.T0029 AML.T0034 AML.T0049

Compliance Impact

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.3 - AI system operation
NIST AI RMF
MANAGE 2.2 - Mechanisms are in place to respond to and recover from AI risks
OWASP LLM Top 10
LLM10:2025 - Unbounded Consumption

Frequently Asked Questions

What is CVE-2026-34052?

JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.

Is CVE-2026-34052 actively exploited?

No confirmed active exploitation of CVE-2026-34052 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-34052?

1. Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix. 2. Rotate all LTI consumer keys immediately as a precaution in case keys are compromised. 3. If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits. 4. Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline). 5. Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.

What systems are affected by CVE-2026-34052?

This vulnerability affects the following AI/ML architecture patterns: ML development environments, training pipelines, collaborative AI platforms.

What is the CVSS score for CVE-2026-34052?

CVE-2026-34052 has a CVSS v3.1 base score of 5.9 (MEDIUM). The EPSS exploitation probability is 0.06%.

Technical Details

NVD Description

## Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. ## Patches - upgrade jupyterhub-litauthenticator to 1.6.3

Exploitation Scenario

Attacker obtains a valid LTI consumer key via phishing a faculty member, finding it hardcoded in a public GitHub repo, or extracting it from a misconfigured LMS. They script a high-volume loop sending LTI 1.1 launch requests to JupyterHub with unique OAuth nonces on each request. Each nonce is stored in the class-level dictionary before signature validation runs, meaning even malformed requests pollute memory. After thousands of requests, the JupyterHub process exhausts available RAM, the server crashes, and all active ML sessions — including long-running training jobs — are terminated simultaneously.

Weaknesses (CWE)

CWE-401 Missing Release of Memory after Effective Lifetime Primary CWE-770 Allocation of Resources Without Limits or Throttling Primary

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Timeline

Published
April 3, 2026
Last Modified
April 3, 2026
First Seen
April 4, 2026

Related Vulnerabilities

CRITICAL CVE-2026-33660 10.0

TensorFlow: type confusion NPD in tensor conversion

Same attack type: DoS
CRITICAL CVE-2023-25668 9.8

TensorFlow: unauthenticated RCE via heap buffer overflow

Same attack type: DoS
CRITICAL CVE-2022-23587 9.8

TensorFlow: integer overflow in Grappler enables RCE

Same attack type: DoS
CRITICAL CVE-2022-35939 9.8

TensorFlow: ScatterNd OOB write enables RCE/crash

Same attack type: DoS
CRITICAL CVE-2022-41900 9.8

TensorFlow: heap OOB RCE in FractionalMaxPool op

Same attack type: DoS
Back to Threat Feed