XSS in Jupyter Notebook

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting i…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (17.1th percentile) — read the EPSS interpretation.

Affected products

Jupyter Notebook — versions >=7.0.0, <= 7.5.5
Jupyterlab Help-extension — versions <=4.5.6
Jupyterlab — versions <= 4.5.6
Jupyter-notebook Help-extension — versions >=7.0.0,<= 7.5.5

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9 (x_refsource_CONFIRM)