CVE-2026-42557
Arbitrary Code Execution vulnerability in jupyterlab (PyPI)
What is CVE-2026-42557 About?
JupyterLab's HTML sanitizer permits specific `data-commandlinker` attributes on `button` elements, and the `CommandLinker` executes the command named by those attributes on any click event that reaches `document.body`, without checking whether the clicked element is trusted UI or untrusted cell output. An attacker can therefore craft a malicious HTML cell output that, on a single user click, triggers an arbitrary JupyterLab command, including code execution in the kernel. Exploitation requires the victim to open the malicious notebook and click, but once clicked the command runs immediately with no further prompt.
Affected Software
- jupyterlab
- <4.5.7
- notebook
- >=7.0.0, <7.5.6
Technical Details
JupyterLab's HTML sanitizer, which exists to prevent XSS in rendered output, unexpectedly allowlists the `data-commandlinker-command` and `data-commandlinker-args` attributes on `button` elements. At the same time, the `CommandLinker` component listens for all click events on `document.body` and directly executes the command specified by these attributes, without verifying where the element came from or whether it is trustworthy.

An attacker can pre-save a malicious HTML output within a notebook file (for example in an output cell). This HTML can contain a `button` element whose `data-commandlinker-command` names an arbitrary JupyterLab command, such as `kernel:restart-and-run-all` or a command registered by an extension. When a user opens the notebook and clicks the visually legitimate-looking button, the `CommandLinker` executes the attacker-chosen command, which can lead to arbitrary code execution in the kernel, file deletion, or denial of service through resource exhaustion.
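As an added example, not part of the advisory or of JupyterLab's own code, the following Python scanner walks an nbformat 4 notebook and flags any `text/html` output or Markdown cell source that contains an element carrying a `data-commandlinker-*` attribute. The sample notebook is constructed inline: the button label and the `display_report()` call are made up, while the command name is the one the advisory cites. The scanner flags the attribute on any tag, not only `button`, so it does not depend on what a particular sanitizer version allows.

```python
import json
from html.parser import HTMLParser

# Constructed nbformat 4 notebook: one benign HTML output and one output
# carrying the attributes described in the advisory. Only the command name
# ("kernel:restart-and-run-all") comes from the advisory text.
SAMPLE_NOTEBOOK = {
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Results\n", "Click **Refresh** below to redraw the table."]},
        {"cell_type": "code", "execution_count": 1, "metadata": {},
         "source": ["display_report()"],
         "outputs": [
             {"output_type": "display_data", "metadata": {},
              "data": {"text/html": ["<table><tr><td>ok</td></tr></table>"]}},
             {"output_type": "execute_result", "execution_count": 1, "metadata": {},
              "data": {"text/html":
                       "<button data-commandlinker-command=\"kernel:restart-and-run-all\" "
                       "data-commandlinker-args='{}'>Refresh</button>"}},
         ]},
    ],
}


class CommandLinkerFinder(HTMLParser):
    """Collects every start tag that carries a data-commandlinker-* attribute."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases attribute names, so a plain prefix test suffices.
        linked = {k: v for k, v in attrs if k.startswith("data-commandlinker-")}
        if linked:
            self.hits.append((tag, linked))


def _as_text(src):
    # nbformat allows a string or a list of string fragments here.
    return "".join(src) if isinstance(src, list) else (src or "")


def scan_notebook(nb):
    """Return one finding per element with a data-commandlinker-* attribute."""
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        fragments = []
        if cell.get("cell_type") == "markdown":
            fragments.append(("source", _as_text(cell.get("source"))))
        for out in cell.get("outputs", []):
            html = out.get("data", {}).get("text/html")
            if html is not None:
                fragments.append((out.get("output_type"), _as_text(html)))
        for where, html in fragments:
            parser = CommandLinkerFinder()
            parser.feed(html)
            parser.close()
            for tag, attrs in parser.hits:
                findings.append({
                    "cell": idx,
                    "where": where,
                    "tag": tag,
                    "command": attrs.get("data-commandlinker-command"),
                    "args": attrs.get("data-commandlinker-args"),
                })
    return findings


def scan_file(path):
    """Scan an .ipynb file on disk."""
    with open(path, encoding="utf-8") as f:
        return scan_notebook(json.load(f))


if __name__ == "__main__":
    for hit in scan_notebook(SAMPLE_NOTEBOOK):
        print(f"cell {hit['cell']} ({hit['where']}): <{hit['tag']}> "
              f"runs {hit['command']!r} with args {hit['args']!r}")
```

Run `scan_file("untrusted.ipynb")` before opening a notebook from an untrusted source. Saved outputs have no ordinary reason to carry these attributes, so any hit is worth inspecting; on an unpatched JupyterLab the named command would run as soon as the user clicked the element.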
What is the Impact of CVE-2026-42557?
Successful exploitation may allow attackers to execute arbitrary code in kernels, delete files, and cause denial of service through resource exhaustion, leading to data loss or system compromise.
What is the Exploitability of CVE-2026-42557?
Exploitation requires an attacker to get a victim to open a notebook or Markdown file containing the crafted HTML cell output, for example by sharing the file with them. The attack is remote and targets the victim's browser-side JupyterLab session: the attacker needs no access to the victim's server, while the victim is already authenticated to it, so the command runs with the victim's own privileges. The user must open the file and click the crafted button; no other interaction is required, and because no confirmation prompt is shown the command executes immediately. Complexity is moderate, since success depends on convincing a user to click a deceptive UI element. No special privileges are required because the attack rides on JupyterLab's legitimate command execution functionality. The risk is driven by how easily malicious notebooks can be disseminated and by users' susceptibility to clicking deceptive UI elements.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2026-42557?
Available Upgrade Options
- jupyterlab
- <4.5.7 → Upgrade to 4.5.7
- notebook
- >=7.0.0, <7.5.6 → Upgrade to 7.5.6
What are Similar Vulnerabilities to CVE-2026-42557?
Similar Vulnerabilities: CVE-2024-21915, CVE-2023-45585, CVE-2023-38605, CVE-2022-38692, CVE-2021-32694
