AI Threat Alert AI Threat Alert

CVE-2026-39378

GHSA-7jqv-fw35-gmx9 MEDIUM
Published April 21, 2026

## Summary When `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. ## Patches...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
nbconvert pip >= 6.5.0, < 7.17.1 7.17.1
13.1K OpenSSF 4.7 2.9K dependents Pushed 5d ago 100% patched ~813d to patch Full package profile →

Do you use nbconvert? You're affected.

Severity & Risk

CVSS 3.1
6.5 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI Required
S Unchanged
C High
I None
A None

Recommended Action

Patch available

Update nbconvert to version 7.17.1

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is CVE-2026-39378?

nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

Is CVE-2026-39378 actively exploited?

No confirmed active exploitation of CVE-2026-39378 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-39378?

Update to patched version: nbconvert 7.17.1.

What is the CVSS score for CVE-2026-39378?

CVE-2026-39378 has a CVSS v3.1 base score of 6.5 (MEDIUM).

Technical Details

NVD Description

## Summary When `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. ## Patches Upgrade to nbconvert 7.17.1 ## Workarounds Do not enable `HTMLExporter.embed_images` (it is not enabled by default).

Weaknesses (CWE)

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Primary CWE-23 Relative Path Traversal Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Timeline

Published
April 21, 2026
Last Modified
April 21, 2026
First Seen
April 21, 2026

Related Vulnerabilities

HIGH CVE-2018-8768 7.8

Jupyter Notebook: XSS via malicious .ipynb file

Same package: notebook
MEDIUM CVE-2026-39377 6.5

Analysis pending

Same package: notebook
MEDIUM CVE-2018-21030 5.3

Jupyter Notebook: XSS via missing CSP on served files

Same package: notebook
CRITICAL GHSA-2679-6mx9-h9xc

Marimo: pre-auth RCE via terminal WebSocket

Same package: notebook
Back to Threat Feed