CVE-2026-40864

GHSA-m68r-v472-jgq9 MEDIUM
Published May 5, 2026

Summary: JupyterHub's XSRF protection (updated in 4.1.0) inappropriately treated requests with `Sec-Fetch-Mode: no-cors` as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as `/hub/spawn` and `/hub/accept-share`, ...

Affected Systems

Package     Ecosystem   Vulnerable Range     Patched
jupyterhub  pip         >= 4.1.0, < 5.4.5    5.4.5
Severity & Risk

CVSS 3.1: 5.4 / 10
EPSS: N/A
Exploitation Status: No known exploitation
Sophistication: N/A

Attack Surface

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): None
UI (User Interaction): Required
S (Scope): Unchanged
C (Confidentiality): None
I (Integrity): Low
A (Availability): Low

Recommended Action

Patch available

Update jupyterhub to version 5.4.5

Frequently Asked Questions

What is CVE-2026-40864?

JupyterHub: cross-origin form POSTs bypass XSRF protection (CWE-352).

Is CVE-2026-40864 actively exploited?

No confirmed active exploitation of CVE-2026-40864 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-40864?

Update to patched version: jupyterhub 5.4.5.

What is the CVSS score for CVE-2026-40864?

CVE-2026-40864 has a CVSS v3.1 base score of 5.4 (MEDIUM).

Technical Details

NVD Description

Summary

JupyterHub's XSRF protection (updated in 4.1.0) inappropriately treated requests with `Sec-Fetch-Mode: no-cors` as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as `/hub/spawn` and `/hub/accept-share`, meaning attackers could trigger server spawn (but not access the server) and, if the attacker is a JupyterHub user permitted to share access to their server, cause a user to accept a share and have access to the attacker's server.

Patches

Upgrade to JupyterHub 5.4.5.

Mitigations

If a reverse proxy is in use, drop requests to JupyterHub with `Sec-Fetch-Mode: no-cors`.
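The description above turns on one point: `Sec-Fetch-Mode` says how a response may be read, not where the request came from, so only `Sec-Fetch-Site` can justify skipping an XSRF token check. The following is an added, simplified model written for this page to illustrate that distinction; it is not JupyterHub's code and does not reproduce its handler logic. It shows the flawed shortcut (treating `no-cors` as same-origin) beside the corrected check, and the reverse-proxy mitigation from the advisory as a header filter. The request dictionaries, token values, and function names are constructed for the example.

```python
import hmac

# Constructed sample requests (not captured traffic): the Fetch Metadata
# headers a form handler would see, plus the XSRF token carried in the
# session cookie and in the submitted form body.
SAME_ORIGIN_FORM_POST = {
    "headers": {"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "navigate"},
    "cookie_token": "tok-abc123",
    "form_token": "tok-abc123",
}
# A cross-site POST that carries no XSRF token but announces no-cors mode.
CROSS_SITE_NO_CORS_POST = {
    "headers": {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors"},
    "cookie_token": "tok-abc123",
    "form_token": None,
}
# An ordinary cross-site form submission, also without a token.
CROSS_SITE_NAVIGATE_POST = {
    "headers": {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate"},
    "cookie_token": "tok-abc123",
    "form_token": None,
}


def is_same_origin(headers, *, trust_no_cors_mode):
    """Decide whether a request may skip the XSRF token check.

    Only Sec-Fetch-Site describes the request's origin. Sec-Fetch-Mode
    describes how the response may be consumed, so using it as an origin
    signal (trust_no_cors_mode=True) is the flawed shortcut the advisory
    describes.
    """
    site = headers.get("Sec-Fetch-Site", "").lower()
    mode = headers.get("Sec-Fetch-Mode", "").lower()
    if site == "same-origin":
        return True
    if trust_no_cors_mode and mode == "no-cors":
        return True  # flawed: cross-site requests can carry no-cors as well
    return False


def accept_form_post(request, *, vulnerable):
    """Return True if a form POST passes XSRF validation.

    vulnerable=True models the pre-5.4.5 behaviour; vulnerable=False models
    the corrected check, where only a same-origin request skips the token
    comparison and every other request must present a matching token.
    """
    if is_same_origin(request["headers"], trust_no_cors_mode=vulnerable):
        return True
    cookie_token = request["cookie_token"]
    form_token = request["form_token"]
    if not cookie_token or not form_token:
        return False
    # Constant-time comparison so token checking does not leak timing.
    return hmac.compare_digest(cookie_token, form_token)


def proxy_should_drop(headers):
    """Reverse-proxy mitigation from the advisory: reject requests with
    Sec-Fetch-Mode: no-cors before they reach an unpatched hub."""
    return headers.get("Sec-Fetch-Mode", "").lower() == "no-cors"


def evaluate_samples():
    """Run every sample request through both checks and the proxy filter."""
    samples = {
        "same_origin_form": SAME_ORIGIN_FORM_POST,
        "cross_site_no_cors": CROSS_SITE_NO_CORS_POST,
        "cross_site_navigate": CROSS_SITE_NAVIGATE_POST,
    }
    results = {}
    for name, req in samples.items():
        results[name] = {
            "vulnerable": accept_form_post(req, vulnerable=True),
            "fixed": accept_form_post(req, vulnerable=False),
            "dropped_by_proxy": proxy_should_drop(req["headers"]),
        }
    return results


if __name__ == "__main__":
    for name, outcome in evaluate_samples().items():
        print(f"{name}: {outcome}")
```

The only row where the two checks disagree is the cross-site `no-cors` request: the flawed check accepts it without a token, the corrected check rejects it, and the proxy filter drops it before the hub sees it. The same-origin form is accepted by both, and the cross-site `navigate` form is rejected by both, which is why the bypass was specific to the `no-cors` mode rather than to cross-site POSTs in general.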

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Timeline

Published: May 5, 2026
Last Modified: May 5, 2026
First Seen: May 5, 2026