CVE-2026-34052: ltiauthenticator: OAuth nonce leak causes server DoS

GHSA-8mxq-7xr7-2fxj MEDIUM
Published April 3, 2026
CISO Take

JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.

What is the risk?

Medium severity (CVSS 5.9) with high attack complexity gated on possessing a valid LTI consumer key. In practice, consumer keys in academic and enterprise Jupyter deployments are often weakly controlled — hardcoded in LMS configs, shared across teams, or exposed in public repositories — lowering the real-world bar significantly. Impact is purely availability; no confidentiality or integrity risk. Not in CISA KEV, no known active exploitation.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
Jupyter pip <= 1.6.2 1.6.3
13.2K OpenSSF 5.8 1.9K dependents Pushed 9d ago 60% patched ~24d to patch Full package profile →

Do you use Jupyter? You're affected.

How severe is it?

CVSS 3.1
5.9 / 10
EPSS
0.3%
chance of exploitation in 30 days
Higher than 25% of all CVEs
Exploitation Status
No known exploitation
Sophistication
Moderate

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC High
PR None
UI None
S Unchanged
C None
I None
A High

What should I do?

5 steps
  1. Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix.

  2. Rotate all LTI consumer keys immediately as a precaution in case keys are compromised.

  3. If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits.

  4. Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline).

  5. Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.

What does CISA's SSVC say?

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Article 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.3 - AI system operation
NIST AI RMF
MANAGE 2.2 - Mechanisms are in place to respond to and recover from AI risks
OWASP LLM Top 10
LLM10:2025 - Unbounded Consumption

Frequently Asked Questions

What is CVE-2026-34052?

JupyterHub deployments using LTI 1.1 authentication are vulnerable to memory exhaustion DoS — an attacker with any valid LTI consumer key can crash the server by flooding it with unique nonces before signature verification occurs. Patch to jupyterhub-ltiauthenticator 1.6.3 immediately and treat LTI consumer keys as high-value secrets requiring rotation. Risk is limited to availability; no data exfiltration is possible via this vector.

Is CVE-2026-34052 actively exploited?

No confirmed active exploitation of CVE-2026-34052 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-34052?

1. Upgrade jupyterhub-ltiauthenticator to 1.6.3 — the only complete fix. 2. Rotate all LTI consumer keys immediately as a precaution in case keys are compromised. 3. If patching is delayed, rate-limit POST requests to the LTI launch endpoint at the reverse proxy (nginx/Caddy) with burst limits. 4. Implement memory alerting on the JupyterHub process (alert at >80% heap growth over baseline). 5. Audit all systems with access to LTI consumer keys; revoke any unnecessary key distributions.

What systems are affected by CVE-2026-34052?

This vulnerability affects the following AI/ML architecture patterns: ML development environments, training pipelines, collaborative AI platforms.

What is the CVSS score for CVE-2026-34052?

CVE-2026-34052 has a CVSS v3.1 base score of 5.9 (MEDIUM). The EPSS exploitation probability is 0.33%.

What is the AI security impact?

Affected AI Architectures

ML development environmentstraining pipelinescollaborative AI platforms

MITRE ATLAS Techniques

AML.T0029 Denial of AI Service
AML.T0034 Cost Harvesting
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Article 15
ISO 42001: A.9.3
NIST AI RMF: MANAGE 2.2
OWASP LLM Top 10: LLM10:2025

What are the technical details?

Original Advisory

## Summary The LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. ## Patches - upgrade jupyterhub-litauthenticator to 1.6.3

Exploitation Scenario

Attacker obtains a valid LTI consumer key via phishing a faculty member, finding it hardcoded in a public GitHub repo, or extracting it from a misconfigured LMS. They script a high-volume loop sending LTI 1.1 launch requests to JupyterHub with unique OAuth nonces on each request. Each nonce is stored in the class-level dictionary before signature validation runs, meaning even malformed requests pollute memory. After thousands of requests, the JupyterHub process exhausts available RAM, the server crashes, and all active ML sessions — including long-running training jobs — are terminated simultaneously.

Weaknesses (CWE)

CWE-401 — Missing Release of Memory after Effective Lifetime: The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

  • [Implementation] Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
  • [Architecture and Design] Use an abstraction library to abstract away risky APIs. Not a complete solution.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

Published
April 3, 2026
Last Modified
April 3, 2026
First Seen
April 4, 2026

Related Vulnerabilities