CVE-2026-23528 in distributed
Summary
by MITRE • 01/16/2026
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.
Analysis
by VulDB Data Team • 03/12/2026
CVE-2026-23528 is a critical cross-site scripting flaw in the Dask distributed task scheduler ecosystem, affecting versions prior to 2026.1.0. The issue arises from the interaction of three components, Jupyter Lab, jupyter-server-proxy, and Dask distributed, and allows remote code execution through a carefully crafted URL. It relies on the trust relationship between these components when they run together on localhost with default configurations, which makes it particularly dangerous in development and testing environments where such defaults are common. The flaw lies in the Dask dashboard's handling of user-controlled input supplied through URL parameters, which is not properly sanitized before it is rendered and processed through the Jupyter server component.
Technically, the attack path uses the jupyter-server-proxy mechanism to route a request through Jupyter Lab to the Dask dashboard, where the attacker-supplied input is processed without adequate validation or sanitization. When a user opens a crafted phishing URL, the Dask dashboard renders an error page containing the injected JavaScript, and its execution in the Jupyter Lab context leads to code being run by the default Jupyter Python kernel. That gives an attacker arbitrary command execution with the privileges of the user running Jupyter Lab, a remote code execution capability that effectively bypasses traditional security boundaries. This is a classic reflected XSS pattern: the payload is carried in URL parameters and executed when the dashboard's error message is rendered, and the attack vector exploits the implicit trust between the proxy component and the underlying Jupyter server.
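The root cause described above is untrusted URL input reaching an HTML error page as markup. The following Python snippet is an added illustration, not the Dask dashboard's code: it shows a minimal error page rendered with and without output encoding, a check for whether reflected markup survived, and defense-in-depth response headers. The page layout, the `route` parameter and the sample URL are constructed for the example.

```python
import html
from typing import Dict
from urllib.parse import parse_qs, urlsplit

# Constructed illustration of the reflected-XSS pattern (CWE-79) described
# above: an error page that reflects a URL parameter into HTML. This is not
# the Dask dashboard's code; the layout and the "route" parameter are assumptions.
PREFIX = "<html><body><h1>Error</h1><p>Unknown route: "
SUFFIX = "</p></body></html>"


def render_error_unescaped(route: str) -> str:
    """'Before' form: the untrusted value is concatenated into markup verbatim."""
    return PREFIX + route + SUFFIX


def render_error_escaped(route: str) -> str:
    """Hardened form: HTML-encode the value so the browser renders it as text."""
    return PREFIX + html.escape(route, quote=True) + SUFFIX


def reflected_value_from_url(url: str, param: str = "route") -> str:
    """Extract the query parameter a request carries (percent-decoding included)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(param, [""])[0]


def reflected_markup_survives(page: str) -> bool:
    """Report whether any angle bracket reached the reflected part of the page.
    Only meaningful for pages produced by the two renderers above."""
    reflected = page[len(PREFIX):len(page) - len(SUFFIX)]
    return "<" in reflected or ">" in reflected


def defense_in_depth_headers() -> Dict[str, str]:
    """Response headers that limit the blast radius if encoding is ever missed:
    a CSP without 'unsafe-inline' stops inline scripts from running, and
    nosniff stops the browser from reinterpreting the response type."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed, harmless probe: bold markup stands in for an active payload.
    url = "http://127.0.0.1:8888/error?route=%3Cb%3Eprobe%3C%2Fb%3E"
    value = reflected_value_from_url(url)
    print("unescaped keeps markup:", reflected_markup_survives(render_error_unescaped(value)))
    print("escaped neutralises it:", reflected_markup_survives(render_error_escaped(value)))
```

The escaped renderer is the shape of fix the advisory refers to as proper output encoding; the headers are an extra layer that does not replace it.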
The operational impact goes beyond a single code execution, since an attacker who gains code execution in the Jupyter kernel can establish persistent access to systems running the vulnerable configuration. The attack needs no user interaction beyond clicking a malicious link, which makes it well suited to phishing campaigns against developers and data scientists who use Jupyter environments daily. It is especially concerning because it depends only on default configurations and a localhost deployment, both common in development workflows and often carried over unsecured into production. The risk is significant for organizations where developers hold elevated privileges or where the Jupyter environment is reachable from untrusted networks, because the attack requires no additional authentication or network access.
Mitigation for CVE-2026-23528 centers on upgrading to the patched version 2026.1.0 or later, which adds proper input validation and sanitization for URL parameters in the Dask dashboard. Organizations should also consider network segmentation to keep unauthorized users away from Jupyter environments, particularly those running on default ports. Additional measures include running Jupyter on non-default ports, applying strict firewall rules, and educating users about the risk of clicking untrusted links while a development environment is running. Security monitoring should be extended to flag suspicious URL patterns and unusual execution behavior within Jupyter kernels. The vulnerability maps to CWE-79 Cross-site Scripting and ATT&CK technique T1059.001 Command and Scripting Interpreter, and it poses a significant risk to data science and machine learning environments where Jupyter notebooks and distributed computing frameworks are routinely deployed together. The fix addresses the root cause by applying proper output encoding and input validation so that injected content cannot reach dashboard error pages and user interfaces as executable markup.
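Because the exposure depends on three packages being present together, the first triage step is to check which of them an environment has and whether distributed is older than the fixed release. The script below is an added example, not VulDB's or the Dask project's tooling; it assumes the PyPI distribution names distributed, jupyter-server-proxy and jupyterlab, and takes 2026.1.0 as the fixed version from the advisory.

```python
from importlib import metadata
from typing import Dict, Optional

# Fixed release named in the advisory; anything older is in scope.
FIXED_DISTRIBUTED = (2026, 1, 0)

# PyPI distribution names (assumed) of the three components whose combination is affected.
COMPONENTS = ("distributed", "jupyter-server-proxy", "jupyterlab")


def parse_version(version: str) -> tuple:
    """Turn a CalVer string such as '2025.12.1' or '2026.1.0rc1' into a 3-tuple
    of ints. Pre-release suffixes are dropped, so a pre-release of the fixed
    version counts as fixed; use packaging.version for exact PEP 440 ordering."""
    numbers = []
    for piece in version.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        numbers.append(int(digits) if digits else 0)
    while len(numbers) < 3:
        numbers.append(0)
    return tuple(numbers)


def distributed_is_vulnerable(version: str) -> bool:
    """True for any distributed release older than the fixed 2026.1.0."""
    return parse_version(version) < FIXED_DISTRIBUTED


def assess(versions: Dict[str, Optional[str]]) -> Dict[str, object]:
    """Evaluate a name -> version mapping (None means not installed).
    The full chain needs all three components: distributed is the package
    to upgrade, the other two make the proxied dashboard reachable."""
    dist = versions.get("distributed")
    vulnerable = dist is not None and distributed_is_vulnerable(dist)
    chain = vulnerable and all(versions.get(name) for name in COMPONENTS)
    if chain:
        action = "upgrade distributed to 2026.1.0 or later; full chain present"
    elif vulnerable:
        action = "upgrade distributed to 2026.1.0 or later; chain incomplete"
    elif dist is None:
        action = "distributed not installed; not affected"
    else:
        action = "distributed already at or above 2026.1.0"
    return {"distributed_vulnerable": vulnerable, "full_chain_present": chain, "action": action}


def installed_versions() -> Dict[str, Optional[str]]:
    """Read the three versions from the current interpreter's installed distributions."""
    found: Dict[str, Optional[str]] = {}
    for name in COMPONENTS:
        try:
            found[name] = metadata.version(name)
        except metadata.PackageNotFoundError:
            found[name] = None
    return found


if __name__ == "__main__":
    for key, val in assess(installed_versions()).items():
        print(f"{key}: {val}")
```

Run it inside the same interpreter that launches Jupyter Lab, since a different virtual environment may report different packages; the constructed version strings in the checks below stand in for whatever `installed_versions()` finds.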