CVE-2026-5422 in jupyter_serverinfo

Zusammenfassung

von MITRE • 02.06.2026

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling directories with names starting with the same prefix as root_dir to bypass the check. Additionally, the to_os_path() function in utils.py does not strip ".." from path parts, enabling traversal sequences to bypass the vulnerable check. This vulnerability can lead to unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

@huntr Ai

Reservieren

02.04.2026

Veröffentlichung

02.06.2026

Moderieren

akzeptiert

Eintrag

VDB-367907

CPE

bereit

CWE

CWE-23 (bestätigt)

CVSS

6.8 (CNA)

EPSS

0.00046

KEV

nein

Aktivitäten

low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-5422
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-5422
CVE Details	https://www.cvedetails.com/cve/CVE-2026-5422/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!