Open Redirect in Jupyterhub

CVE-2026-33709

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the Jup…

Vulnerability class: Open Redirect

EPSS: 0.000 (2.6th percentile) — read the EPSS interpretation.

Affected products

Jupyterhub — versions < 5.4.4

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-3vff-hjqv-m7h8 (x_refsource_CONFIRM)
https://github.com/jupyterhub/jupyterhub/releases/tag/5.4.4 (x_refsource_MISC)