CVE-2026-6657 in jupyter-server정보

요약

\~에 의해 MITRE • 2026. 06. 03.

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the `allow_origin_pat` configuration is used. The issue arises from the use of `re.match()` for validating the `Origin` header, which only anchors at the start of the string. This allows attacker-controlled domains such as `trusted.example.com.evil.com` to pass validation against patterns intended to match `trusted.example.com`. The vulnerability affects multiple locations in the codebase, including CORS headers, WebSocket connections, referer validation, and login redirects, potentially enabling phishing attacks, arbitrary code execution, and unauthorized access to sensitive API responses.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

@huntr Ai

예약하다

2026. 04. 20.

공개

2026. 06. 03.

모더레이션

수락

항목

VDB-368151

CPE

준비됨

CWE

CWE-346 (확인됨)

CVSS

6.1 (CNA)

EPSS

0.00000

KEV

아니요

활동

낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6657
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6657
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6657/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!