SB2026042149 - Multiple vulnerabilities in Jupyter Notebook

Published: April 21, 2026 Updated: May 4, 2026

Security Bulletin ID: SB2026042149
CSH Severity: Low
Patch available: Yes
Number of vulnerabilities: 6
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Low: 6 of 6 (100%)

Description

This security bulletin contains information about 6 vulnerabilities.


1) Improper access control (CVE-ID: CVE-2026-40264)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to improper access control in the token store when handling token renewal or revocation across namespaces. A remote privileged user can renew or revoke a token from another namespace to cause a denial of service.

Exploitation requires a leaked token accessor and affects cross-namespace tenant isolation.


2) Improper Authentication (CVE-ID: CVE-2026-39388)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to alter token renewal behavior and extend the lifetime of dynamic leases.

The vulnerability exists due to improper certificate binding validation in the certificate authentication method when processing token renewal requests while the method's disable_binding option is enabled. A remote privileged user can present a sibling certificate and key signed by the same CA as the original login certificate to renew a token that is not theirs and extend the lifetime of the dynamic leases attached to it.

Exploitation requires knowledge of the original token or its accessor.


3) SQL injection (CVE-ID: CVE-2026-39946)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to SQL injection in the PostgreSQL database secrets engine when revoking privileges on a role: schema names read back from PostgreSQL are interpolated into the revocation statement without proper identifier quoting. A remote privileged user who can control a schema name can trigger role revocation and have the crafted name executed as SQL, disclosing sensitive information.

Exploitation may also cause role revocation failures.
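The bug class in item 3 is identifier injection: a name that came back from the database is treated as trusted and spliced into a later statement as raw text. The following Go program is an added illustration and is not OpenBao's code. The statement shape, the role name and the hostile schema name are constructed for the example; quoteIdentifier reimplements PostgreSQL's quoting rule for identifiers (double quotes around the name, embedded double quotes doubled) so that no database driver is needed, and statementCount is a toy scanner used only to show whether the crafted name escaped its identifier position.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteIdentifier applies PostgreSQL's quoting rule for identifiers: wrap the
// name in double quotes and double any embedded double quote. This mirrors
// what quote_ident() does; it is reimplemented here so the example needs no
// driver.
func quoteIdentifier(name string) string {
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}

// buildRevokeUnsafe is the vulnerable shape: a schema name that was read back
// from the database (e.g. from information_schema.schemata) is interpolated
// as raw text, so a name containing ';' ends the REVOKE and starts new SQL.
// The statement text is constructed for this example.
func buildRevokeUnsafe(role, schema string) string {
	return fmt.Sprintf("REVOKE ALL PRIVILEGES ON SCHEMA %s FROM %s;", schema, role)
}

// buildRevokeSafe quotes both identifiers, so the same name stays a single
// (strange-looking) identifier and the statement count stays at one.
func buildRevokeSafe(role, schema string) string {
	return fmt.Sprintf("REVOKE ALL PRIVILEGES ON SCHEMA %s FROM %s;",
		quoteIdentifier(schema), quoteIdentifier(role))
}

// statementCount counts ';' characters outside single- and double-quoted
// regions. It is a toy scanner (no comment handling) used only to show
// whether the crafted name broke out of the identifier position. A doubled
// quote inside a quoted identifier toggles the state twice and so stays inside.
func statementCount(sql string) int {
	inDouble, inSingle := false, false
	n := 0
	for _, r := range sql {
		switch {
		case r == '"' && !inSingle:
			inDouble = !inDouble
		case r == '\'' && !inDouble:
			inSingle = !inSingle
		case r == ';' && !inDouble && !inSingle:
			n++
		}
	}
	return n
}

func main() {
	// Constructed hostile schema name, as a privileged database user could
	// create with CREATE SCHEMA "public; DROP TABLE app_secrets; --".
	evil := `public; DROP TABLE app_secrets; --`
	for _, s := range []string{buildRevokeUnsafe("app_role", evil), buildRevokeSafe("app_role", evil)} {
		fmt.Printf("%d statement(s): %s\n", statementCount(s), s)
	}
}
```

The unquoted build yields three statements from one schema name; the quoted build yields one, with the hostile text confined to an identifier that simply does not match any existing schema. In a real engine the quoting would be done by the driver's identifier helper rather than a hand-written function.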


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-39396)

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to allocation of resources without limits or throttling in ExtractPluginFromImage() in the OCI plugin downloader when extracting a plugin binary from a container image. A remote attacker can serve a crafted OCI image containing a decompression bomb to cause a denial of service.

User interaction is required to trigger plugin loading, such as starting OpenBao or reloading its configuration. Instances with automatic plugin download enabled fetch the image again on every restart or reload, so they can be affected repeatedly.
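The mitigation for item 4 is to cap how much a compressed stream may inflate to before any of its bytes are trusted. The following Go program is an added illustration and is not OpenBao's ExtractPluginFromImage(): it builds a constructed gzip stream that inflates to 8 MiB, shows the unbounded io.ReadAll pattern that a decompression bomb exhausts, and the bounded version that stops at a configured limit. A real OCI layer is a gzip-compressed tar, so the same cap would be applied to each tar entry as well as to the whole stream; the function and variable names here are the example's own.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when the inflated stream exceeds the configured cap.
var ErrTooLarge = errors.New("decompressed size exceeds limit")

// makeGzipBomb returns a gzip stream that inflates to n zero bytes. The input
// is highly compressible, so the compressed form is roughly n/1000 bytes.
// This is constructed test data, not a real image layer.
func makeGzipBomb(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	if _, err := zw.Write(make([]byte, n)); err != nil {
		panic(err)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// extractUnbounded is the vulnerable shape: io.ReadAll keeps growing its
// buffer to whatever the stream inflates to, so peak memory is chosen by
// whoever built the image.
func extractUnbounded(compressed []byte) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return io.ReadAll(zr)
}

// extractBounded reads at most maxOut bytes of inflated data. The limit is
// set to maxOut+1 so that receiving one byte past the cap is what reveals an
// oversized stream; the partial output is then discarded.
func extractBounded(compressed []byte, maxOut int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	out, err := io.ReadAll(io.LimitReader(zr, maxOut+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxOut {
		return nil, ErrTooLarge
	}
	return out, nil
}

func main() {
	bomb := makeGzipBomb(8 << 20) // 8 MiB of zeros
	fmt.Printf("compressed %d bytes, inflates to %d bytes\n", len(bomb), 8<<20)

	if _, err := extractBounded(bomb, 1<<20); err != nil {
		fmt.Println("1 MiB cap:", err)
	}
	out, err := extractBounded(bomb, 16<<20)
	fmt.Printf("16 MiB cap: got %d bytes, err=%v\n", len(out), err)
}
```

The cap should be sized to the largest plugin binary the deployment legitimately expects, and the check must run before the extracted bytes are written to disk or executed, since a bomb that fits in memory can still fill a volume.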


5) Incomplete cleanup (CVE-ID: CVE-2026-42186)

CWE-ID: CWE-459 - Incomplete cleanup

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to leave data behind after a namespace is deleted.

The vulnerability exists due to improper cleanup in namespace deletion handling when a deletion is retried after an initial failure: the retry marks the namespace as deleted before all of its data has been removed. A remote user can trigger repeated deletion attempts against a namespace so that leases or unrelated storage entries belonging to it survive the deletion.


6) Cross-site scripting (CVE-ID: CVE-2026-40171)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote user to steal authentication tokens and execute arbitrary script in the victim's browser session.

The vulnerability exists due to cross-site scripting in the help extension's command linker when rendering malicious notebook content. A remote privileged user can craft a notebook file that, once opened, presents an attacker-controlled element styled to look like a legitimate control; a single click on it runs the attacker's script with the victim's session, exposing authentication tokens.

User interaction is required: the victim must open the malicious notebook file and click the disguised element.


Remediation

Install the update from the vendor's website.