CVE-2026-44181 in Enterprise Gatewayinfo

Summary

by MITRE • 07/17/2026

Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions 2.0.0rc2 and above, prior to 3.3.0, the environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount. This issue has been fixed in version 3.3.0.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The Jupyter Enterprise Gateway serves as a critical component for enabling distributed computing environments by launching remote Jupyter Notebook kernels across various cluster infrastructures including Apache Spark, Kubernetes, and Docker Swarm. This system facilitates seamless interaction between users and distributed computing resources while maintaining security boundaries through proper authentication and authorization mechanisms. The vulnerability under examination affects versions 2.0.0rc2 through 3.2.9, representing a significant security gap that existed in the rendering process of Kubernetes manifests within the enterprise gateway service.

The core technical flaw resides in the Server Side Template Injection vulnerability (CWE-74) that occurs during the processing of environment variables prefixed with KERNEL_XXX when generating Kubernetes manifest files. This SSTI vulnerability specifically affects the Jinja2 template rendering engine used by the Enterprise Gateway service, allowing malicious actors to inject template expressions directly into the environment variable values. When these variables are processed through the template engine without proper sanitization, arbitrary Python code execution becomes possible within the context of the Enterprise Gateway service itself.

The operational impact of this vulnerability extends far beyond simple code execution capabilities and represents a severe privilege escalation vector within containerized environments. An attacker exploiting this vulnerability gains the ability to execute arbitrary OS commands on the Enterprise Gateway host system while maintaining the privileges and access controls associated with the service account running the gateway. More critically, the compromised service account often possesses Kubernetes service account tokens that grant access to cluster resources, enabling attackers to enumerate secrets, access sensitive configuration data, and potentially escalate their privileges to full cluster compromise.

The security implications of this vulnerability align with several ATT&CK framework techniques including T1059 for command and script execution, T1078 for valid accounts exploitation, and T1566 for credential harvesting. Once an attacker obtains the Kubernetes service account token through code execution, they can leverage this access to perform actions such as creating privileged pods, mounting hostPath volumes, or accessing other cluster resources that would otherwise be restricted. This represents a complete compromise of the Kubernetes cluster security model, allowing attackers to move laterally within the environment and potentially exfiltrate sensitive data.

The mitigation strategy involves upgrading to version 3.3.0 or higher where proper input sanitization and template escaping mechanisms have been implemented to prevent template injection attacks. Organizations should also implement network segmentation, reduce unnecessary service account privileges, and deploy comprehensive monitoring solutions to detect anomalous command execution patterns. Additionally, regular security audits of template rendering processes and environment variable handling within containerized applications should be conducted to prevent similar vulnerabilities from emerging in other components of the distributed computing infrastructure.

This vulnerability demonstrates the critical importance of input validation in template processing systems and highlights how seemingly benign configuration parameters can become attack vectors when proper sanitization controls are not implemented. The fix implemented in version 3.3.0 addresses the root cause by ensuring that environment variables containing user-supplied data are properly escaped before being processed through the template engine, preventing any potential injection of malicious template expressions that could lead to arbitrary code execution within the Enterprise Gateway service context.

Responsible

GitHub M

Reservation

05/05/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

medium

Sources

Do you need the next level of professionalism?

Upgrade your account now!