CVE-2026-40110

GHSA-24qx-w28j-9m6p HIGH
Published May 5, 2026

Jupyter Server uses `re.match()` to validate the Origin header against the `allow_origin_pat` configuration. Since `re.match()` only anchors at the start of the string, an attacker who controls a domain like `http://trusted.example.com.evil.com/` passes validation against a pattern intended to...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
jupyter-server pip <= 2.17.0 2.18.0
13.1K OpenSSF 4.8 1.9K dependents Pushed 5d ago 100% patched ~0d to patch

Do you use jupyter-server? You're affected.

Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update jupyter-server to version 2.18.0

Compliance Impact

Compliance analysis pending.

Frequently Asked Questions

What is CVE-2026-40110?

Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)

Is CVE-2026-40110 actively exploited?

No confirmed active exploitation of CVE-2026-40110 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-40110?

Update to patched version: jupyter-server 2.18.0.

What is the CVSS score for CVE-2026-40110?

No CVSS score has been assigned yet.

Technical Details

NVD Description

Jupyter Server uses `re.match()` to validate the Origin header against the `allow_origin_pat` configuration. Since `re.match()` only anchors at the start of the string, an attacker who controls a domain like `http://trusted.example.com.evil.com/` passes validation against a pattern intended to match only `trusted.example.com`.

Impact

<=2.17.0

Patches

057869a327c46730afede3eab0ca2d2e3e74acea, 49b34392feaa97735b3b777e3baf8f22f2a14ed8

Workarounds

Wrap your `allow_origin_pat` value with `^` and `$`.

References

https://github.com/jupyter-server/jupyter_server/pull/603
https://docs.python.org/3/library/re.html#re.fullmatch
https://docs.python.org/3/library/re.html#re.match
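The difference between prefix anchoring and whole-string matching, and why the `^`/`$` workaround needs care, can be checked directly. The following is an added example written for this page; it is not Jupyter Server's code. The patterns (`ALLOW_ORIGIN_PAT`, `ALT_ORIGIN_PAT`) and origins are constructed stand-ins for an operator's `allow_origin_pat` value and incoming Origin headers, and the non-capturing group in `safe_anchor()` is an addition beyond the advisory's literal "wrap with `^` and `$`" wording, included to show how a pattern containing a top-level alternation behaves under each approach.

```python
import re

# Constructed example value (not from the advisory): a pattern an operator might
# set as allow_origin_pat, intending to allow only https://trusted.example.com.
ALLOW_ORIGIN_PAT = r"https://trusted\.example\.com"

# Constructed pattern with a top-level alternation, to show why a bare ^...$ wrap
# is not always enough on its own.
ALT_ORIGIN_PAT = r"https://a\.example\.com|https://b\.example\.com"


def allowed_by_match(origin: str, pattern: str) -> bool:
    """Prefix-anchored check, as re.match() behaves: the pattern only has to
    match at the start of the origin, so any trailing text is accepted."""
    return re.match(pattern, origin) is not None


def allowed_by_fullmatch(origin: str, pattern: str) -> bool:
    """Whole-string check: re.fullmatch() succeeds only if the pattern
    consumes the entire origin."""
    return re.fullmatch(pattern, origin) is not None


def naive_anchor(pattern: str) -> str:
    """The advisory's workaround taken literally: prepend ^ and append $.
    With a top-level alternation, ^ binds only to the first branch and $
    only to the last."""
    return "^" + pattern + "$"


def safe_anchor(pattern: str) -> str:
    """Anchor the pattern as a whole. The non-capturing group is an addition
    here so that ^ and $ apply to the entire pattern regardless of
    alternation, which is equivalent to what re.fullmatch() does."""
    return "^(?:" + pattern + ")$"


def evaluate(origin: str, pattern: str) -> dict:
    """Run one origin through all four checks and report the outcomes."""
    return {
        "match": allowed_by_match(origin, pattern),
        "fullmatch": allowed_by_fullmatch(origin, pattern),
        "match_naive_anchor": allowed_by_match(origin, naive_anchor(pattern)),
        "match_safe_anchor": allowed_by_match(origin, safe_anchor(pattern)),
    }


if __name__ == "__main__":
    for origin in ("https://trusted.example.com",
                   "https://trusted.example.com.evil.com",
                   "https://evil.com"):
        print(origin, evaluate(origin, ALLOW_ORIGIN_PAT))
    # Alternation case: the naive ^...$ wrap still accepts a suffixed first branch,
    # while fullmatch and the grouped anchor reject it.
    print("https://a.example.com.evil.com",
          evaluate("https://a.example.com.evil.com", ALT_ORIGIN_PAT))
```

Run as a script, the output shows that only the `match` column accepts the suffixed origin for the simple pattern, and that for the alternation pattern the literal `^`/`$` wrap still accepts it while `re.fullmatch()` and the grouped anchor do not. When applying the workaround on an unpatched version, a pattern with `|` at the top level should therefore be wrapped as `^(?:...)$`, or the pattern should be written so that each branch is individually anchored.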

Timeline

Published
May 5, 2026
Last Modified
May 5, 2026
First Seen
May 5, 2026

Related Vulnerabilities