CVE-2026-40171

GHSA-rch3-82jr-f9w9 HIGH
Published April 30, 2026

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction).

Affected Systems

Package                            Ecosystem   Vulnerable Range     Patched
@jupyter-notebook/help-extension   npm         >= 7.0.0, <= 7.5.5   7.5.6
@jupyterlab/help-extension         npm         <= 4.5.6             4.5.7
jupyterlab                         pip         <= 4.5.6             4.5.7
notebook                           pip         >= 7.0.0, <= 7.5.5   7.5.6

Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update @jupyter-notebook/help-extension to version 7.5.6

Update @jupyterlab/help-extension to version 4.5.7

Update jupyterlab to version 4.5.7

Update notebook to version 7.5.6

Frequently Asked Questions

What is CVE-2026-40171?

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Is CVE-2026-40171 actively exploited?

No confirmed active exploitation of CVE-2026-40171 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-40171?

Update to a patched version: @jupyter-notebook/help-extension 7.5.6, @jupyterlab/help-extension 4.5.7, jupyterlab 4.5.7, notebook 7.5.6.

What is the CVSS score for CVE-2026-40171?

No CVSS score has been assigned yet.

Technical Details

NVD Description

### Impact

A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). The vulnerability enables complete account takeover through the Jupyter REST API, allowing the attacker to:

1. Read all files
2. Modify/create files
3. Access running kernels and execute arbitrary code
4. Create terminals for shell access

### Patches

Jupyter Notebook 7.5.6 and JupyterLab 4.5.7 include patches for this vulnerability.

### Workarounds

The help extension can be disabled via CLI:

```
jupyter labextension disable @jupyter-notebook/help-extension
jupyter labextension disable @jupyterlab/help-extension
```

### Hardening

The patched versions include a toggle to disable the command linker functionality altogether, for example via `overrides.json`:

```json
{
  "@jupyterlab/apputils-extension:sanitizer": {
    "allowCommandLinker": false
  }
}
```

### Resources

- https://jupyterlab.readthedocs.io/en/latest/user/commands.html#commands-in-markdown-output-and-files

### Acknowledgments

Reported by Daniel Teixeira - NVIDIA AI Red Team
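As an added example (not code from the advisory or from the Jupyter project), the following Python script checks a set of installed package versions against the affected ranges given in the advisory and verifies that the `overrides.json` hardening toggle is set to `false`. The affected ranges, patched releases and the `@jupyterlab/apputils-extension:sanitizer` key are taken from the advisory text; the installed versions and the overrides document used in `main` are constructed sample data standing in for the output of `pip list --format=json`, `jupyter labextension list` and the deployment's real `overrides.json`.

```python
"""Audit Jupyter packages and sanitizer settings against CVE-2026-40171.

Added example, not part of the advisory or of the Jupyter project. Version
ranges and the overrides.json key come from the advisory text; the installed
versions used in main() are constructed sample data.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# (lower bound inclusive or None, upper bound inclusive, patched release),
# copied from the advisory's affected-package table.
AFFECTED: Dict[str, Tuple[Optional[Version], Version, str]] = {
    "@jupyter-notebook/help-extension": ((7, 0, 0), (7, 5, 5), "7.5.6"),
    "notebook": ((7, 0, 0), (7, 5, 5), "7.5.6"),
    "@jupyterlab/help-extension": (None, (4, 5, 6), "4.5.7"),
    "jupyterlab": (None, (4, 5, 6), "4.5.7"),
}

# Settings key named in the advisory's Hardening section.
SANITIZER_KEY = "@jupyterlab/apputils-extension:sanitizer"


def parse_version(text: str) -> Version:
    """Convert '7.5.6' into (7, 5, 6), padded to at least three components.

    Only the leading numeric parts are used; a pre-release tag such as
    '7.5.6rc1' is treated as its release number. This is a simplification,
    not full PEP 440 or semver handling.
    """
    parts: List[int] = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(package: str, version: str) -> Optional[str]:
    """Return the patched release if (package, version) falls in an affected range, else None.

    Packages not named in the advisory are reported as not vulnerable.
    """
    if package not in AFFECTED:
        return None
    lower, upper, patched = AFFECTED[package]
    v = parse_version(version)
    if lower is not None and v < lower:
        return None
    if v > upper:
        return None
    return patched


def command_linker_disabled(overrides_json: str) -> bool:
    """True only when overrides.json sets allowCommandLinker to false under the sanitizer key."""
    try:
        data = json.loads(overrides_json)
    except json.JSONDecodeError:
        return False
    section = data.get(SANITIZER_KEY, {}) if isinstance(data, dict) else {}
    return isinstance(section, dict) and section.get("allowCommandLinker") is False


def audit(installed: Dict[str, str], overrides_json: str) -> List[str]:
    """Produce one finding per vulnerable package plus one if the hardening toggle is absent."""
    findings: List[str] = []
    for package, version in sorted(installed.items()):
        patched = is_vulnerable(package, version)
        if patched:
            findings.append(f"{package} {version} is vulnerable; upgrade to {patched}")
    if not command_linker_disabled(overrides_json):
        findings.append(f"{SANITIZER_KEY} does not set allowCommandLinker to false")
    return findings


if __name__ == "__main__":
    # Constructed sample: a partially updated environment with no hardening override.
    sample_installed = {
        "notebook": "7.5.5",
        "jupyterlab": "4.5.7",
        "@jupyterlab/help-extension": "4.5.6",
        "ipykernel": "6.29.5",
    }
    sample_overrides = "{}"
    for line in audit(sample_installed, sample_overrides):
        print(line)
```

Both checks matter after patching: upgrading the packages closes the reported token-theft path, while `allowCommandLinker: false` removes the command-linker feature from Markdown rendering entirely, which is the stronger posture for deployments that never use command links in notebooks.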

Timeline

Published
April 30, 2026
Last Modified
April 30, 2026
First Seen
April 30, 2026