CVE-2026-35397
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
Description
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
INFO
Published Date :
May 5, 2026, 8:16 p.m.
Last Modified :
May 8, 2026, 7:11 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] | ||||
| CVSS 4.0 | HIGH | [email protected] |
Solution
- Update Jupyter Server to version 2.18.0.
- Avoid naming directories with common prefixes.
- Ensure folder names do not share prefixes.
Public PoC/Exploit Available at Github
CVE-2026-35397 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-35397.
| URL | Resource |
|---|---|
| https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 | Exploit Vendor Advisory |
| https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 | Exploit Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-35397 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-35397
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Shell Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-35397 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-35397 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
May. 08, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Added CPE Configuration OR *cpe:2.3:a:jupyter:jupyter_server:*:*:*:*:*:*:*:* versions up to (excluding) 2.18.0 Added Reference Type CISA-ADP: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 Types: Exploit, Vendor Advisory Added Reference Type GitHub, Inc.: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 Types: Exploit, Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
May. 06, 2026
Action Type Old Value New Value Added Reference https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3 -
New CVE Received by [email protected]
May. 05, 2026
Action Type Old Value New Value Added Description Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory. Added CVSS V4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-22 Added Reference https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3