XSS in Jupyter-server Jupyter_server
CVE-2026-44727
Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Poli…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Jupyter-server Jupyter_server — versions < 2.20
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)