Auth bypass in JupyterHub OAuthenticator

CVE-2026-33175

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email addre…

Vulnerability class: Broken Authentication

EPSS: 0.001 (31.4th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2026-33175?
CVE-2026-33175 is a high-severity vulnerability in JupyterHub OAuthenticator, classified under Improper Authentication. CVSS score: 8.8/10. Published 2026-04-03.

How severe is CVE-2026-33175?
High severity. The CVSS v3 base score is 8.8 out of 10.