Summary
Jupyter Server before 2.20.0 has a stored cross-site scripting flaw (CVE-2026-44727). The `NbconvertFileHandler` and `NbconvertPostHandler` served converted notebook output without a sandboxing Content-Security-Policy, so malicious HTML or JavaScript embedded in a notebook executes in the victim's browser within the Jupyter origin. Opening or being shown a crafted notebook can hijack a user's Jupyter session.
How to fix it
- Upgrade `jupyter-server` to 2.20.0 or later, which restores the sandbox Content-Security-Policy on the nbconvert handlers.
- Until you upgrade, treat notebooks from untrusted sources as hostile and do not open or render them in a shared Jupyter instance.
How to avoid it in your code
- Render untrusted, user-controlled content under a strict sandboxing Content-Security-Policy, and serve downloadable HTML from a separate origin where possible.
- Sanitize or escape document and notebook output that can contain HTML or JavaScript before display.
- Keep notebook and data-science tooling patched; these tools routinely render untrusted input and are a recurring XSS surface.
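The two defences above (a sandboxing CSP on a separate document, escaping when output is placed inline) as an added example that is not jupyter-server's own code. It shows the header set of a handler that ships converted HTML with no CSP beside a hardened one, an escaping helper for inline rendering, and a check suitable for a regression test that a response's policy really isolates the content. The policy string `sandbox allow-scripts`, the helper names and the sample output cell are assumptions constructed for this example.

```python
# Added example, not jupyter-server's own code: weak vs. hardened response
# headers for converted notebook output, an escaping helper for inline display,
# and a check that a Content-Security-Policy actually sandboxes the document.
import html
from typing import Dict, List

# Constructed sample of the raw HTML a notebook output cell may carry.
UNTRUSTED_OUTPUT = '<b>total: 42</b><script>document.title = "x"</script>'

# Hypothetical policy string. Whether allow-scripts belongs here depends on
# whether the converted page legitimately needs its own scripts to run.
SANDBOX_CSP = "sandbox allow-scripts"


def vulnerable_headers() -> Dict[str, str]:
    """Headers of the flawed handler: converted HTML goes out with no CSP,
    so any script inside it runs with the Jupyter origin's cookies and can
    reach the server API as the logged-in user."""
    return {"Content-Type": "text/html; charset=utf-8"}


def hardened_headers() -> Dict[str, str]:
    """Same response with a sandboxing CSP. The `sandbox` directive gives the
    document an opaque origin, so even if its scripts run they cannot read the
    Jupyter origin's cookies, storage or same-origin endpoints."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": SANDBOX_CSP,
    }


def escape_for_inline_display(fragment: str) -> str:
    """For output rendered inside the application's own page (not as a
    separate sandboxed document), neutralise markup by escaping it."""
    return html.escape(fragment, quote=True)


def parse_csp(csp: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [tokens]}. Directive names
    are case-insensitive per the spec, so they are lower-cased here."""
    directives: Dict[str, List[str]] = {}
    for raw in csp.split(";"):
        parts = raw.strip().split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives


def response_is_sandboxed(headers: Dict[str, str]) -> bool:
    """Regression check for handlers that serve untrusted HTML.

    True only when a `sandbox` directive is present AND it does not carry
    `allow-same-origin`: that flag hands the real origin back to the document
    and so undoes the isolation the directive is meant to provide.
    """
    # HTTP header names are case-insensitive; accept any casing.
    csp = next((v for k, v in headers.items()
                if k.lower() == "content-security-policy"), "")
    directives = parse_csp(csp)
    if "sandbox" not in directives:
        return False
    flags = {f.lower() for f in directives["sandbox"]}
    return "allow-same-origin" not in flags


if __name__ == "__main__":
    print("vulnerable sandboxed:", response_is_sandboxed(vulnerable_headers()))
    print("hardened sandboxed:  ", response_is_sandboxed(hardened_headers()))
    print("escaped for inline:  ", escape_for_inline_display(UNTRUSTED_OUTPUT))
```

Note that `sandbox` is only honoured when delivered in the HTTP header, not in a `<meta http-equiv>` tag, which is why the check reads the response headers rather than the HTML body. The same check can be run against any handler that serves user-uploaded HTML, not only nbconvert output.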
References
Related vulnerabilities
- HIGH CVE-2026-52798: Gogs has Stored XSS in `.ipynb` Preview
- MEDIUM GHSA-hvqh-jw65-wcpq: devbridge-autocomplete has XSS in its default formatters: formatGroup and formatResult fail to escape HTML in untrusted inputs
- CRITICAL CVE-2026-44203: OpenAM has pre-auth Reflected XSS in OAuth2 / OIDC response_mode=form_post via state parameter (FormPostResponse.ftl)
- HIGH GHSA-x975-rgx4-5fh4: appium-mcp: Unescaped Locator Data XSS in MCP-UI Resource (createLocatorGeneratorUI)
- MEDIUM CVE-2026-55877: symfony/ux-icons: XSS via unsanitized SVG content in local files and Iconify on-demand responses
- HIGH CVE-2026-55692: StarCitizenWiki Extension Embed Video: Stored XSS via malformed src url with $wgEmbedVideoRequireConsent enabled