VDB
EN
MEDIUM 6.5

PYSEC-2026-1707

JupyterLab vulnerable to SXSS in Markdown Preview

상세

### Impact

The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.

A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user.

### Patches

JupyterLab v4.0.11 was patched.

### Workarounds

Users can either disable the table of contents extension by running:

```bash jupyter labextension disable @jupyterlab/toc-extension:registry ```

### References

Vulnerability reported via the [bug bounty program](https://app.intigriti.com/programs/jupyter/jupyter/detail) [sponsored by the European Commission](https://commission.europa.eu/news/european-commissions-open-source-programme-office-starts-bug-bounties-2022-01-19_en) and hosted on the [Intigriti platform](https://www.intigriti.com/).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / notebook
최초 영향 버전: 7.0.0 수정 버전: 7.0.7
수정 pip install --upgrade 'notebook>=7.0.7'

참고