AI Threat Alert
The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.X. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for...
Full CISO analysis pending enrichment.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| jupyterlab | pip | >= 4.0.0, <= 4.5.6 | 4.5.7 |
Do you use jupyterlab? You're affected.
Severity & Risk
Attack Surface
Recommended Action
Patch available
Update jupyterlab to version 4.5.7
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Frequently Asked Questions
What is CVE-2026-42266?
JupyterHub has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
Is CVE-2026-42266 actively exploited?
No confirmed active exploitation of CVE-2026-42266 has been reported, but organizations should still patch proactively.
How to fix CVE-2026-42266?
Update to patched version: jupyterlab 4.5.7.
What is the CVSS score for CVE-2026-42266?
CVE-2026-42266 has a CVSS v3.1 base score of 8.8 (HIGH).
Technical Details
NVD Description
The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.X. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments that: - have allow-listed specific extensions with aim to prevent users from installing packages - have the kernel and terminals disabled or delegated to remote hosts (thus no access to install packages in the single-user server environment) - have multi-tenant deployments that is not configured for untrusted users (as per documented on JupyterHub https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html) - have the (default) PyPI Extension Manger enabled ### Impact An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure. ### Patches JupyterLab [`v4.5.7`](https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7) contains the patch. Users of applications that depend on JupyterLab, such as Notebook v7+, should update `jupyterlab` package too. ### Workarounds Switch to read-only extension manager by adding the following command line option: ```bash --LabApp.extension_manager=readonly ``` or the following traitlet: ```python c.LabApp.extension_manager = 'readonly' ``` You can confirm that the read-only manager is in use from GUI: <img width="293" height="293" alt="image" src="https://github.com/user-attachments/assets/8016c809-633e-4ed0-a5bc-6bc4793caa0f" /> Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability. ### Resources - allow-list https://jupyterlab.readthedocs.io/en/stable/user/extensions.html#listing-configuration - https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html - https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References
Timeline
Related Vulnerabilities
CVE-2026-35397 7.1 Analysis pending
Same package: jupyter CVE-2026-40934 6.8 Analysis pending
Same package: jupyter CVE-2026-40864 5.4 Analysis pending
Same package: jupyter CVE-2025-32428 jupyter-remote-desktop-proxy: VNC network exposure
Same package: jupyter CVE-2026-40110 Analysis pending
Same package: jupyter