{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39377", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T21:29:17.350Z", "datePublished": "2026-04-21T00:14:59.937Z", "dateUpdated": "2026-04-21T19:49:24.475Z"}, "containers": {"cna": {"title": "nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg"}, {"name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"version": ">= 6.5, < 7.17.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:14:59.937Z"}, "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch."}], "source": {"advisory": "GHSA-4c99-qj7h-p3vg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T16:01:22.179013Z", "id": "CVE-2026-39377", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T19:49:24.475Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39377", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T16:01:22.179013Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T16:01:26.848Z"}}], "cna": {"title": "nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames", "source": {"advisory": "GHSA-4c99-qj7h-p3vg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"status": "affected", "version": ">= 6.5, < 7.17.1"}]}], "references": [{"url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg", "name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:14:59.937Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39377", "state": "PUBLISHED", "dateUpdated": "2026-04-21T19:49:24.475Z", "dateReserved": "2026-04-06T21:29:17.350Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T00:14:59.937Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions 6.5 through 7.17.0 allow arbitrary file writes to locations outside the intended output directory when processing notebooks containing crafted cell attachment filenames. The `ExtractAttachmentsPreprocessor` passes attachment filenames directly to the filesystem without sanitization, enabling path traversal attacks. This vulnerability provides complete control over both the destination path and file extension. Version 7.17.1 contains a patch."}], "id": "CVE-2026-39377", "lastModified": "2026-04-21T16:20:24.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T01:16:05.937", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "nbconvert: nbconvert: Arbitrary file write via crafted Jupyter notebook cell attachment filenames", "id": "2459951", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459951"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. When processing notebooks containing specially crafted cell attachment filenames, a remote attacker can exploit a path traversal vulnerability. This allows the attacker to write arbitrary files to locations outside the intended output directory, gaining complete control over both the destination path and file extension."], "name": "CVE-2026-39377", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Fix deferred", "package_name": "mta/mta-solution-server-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite/iop-advisor-engine-rhel9", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-04-21T00:14:59Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-39377\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-39377\nhttps://github.com/jupyter/nbconvert/releases/tag/v7.17.1\nhttps://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.5,7.17.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nbconvert", "source": "cna", "vendor": "jupyter"}, "product": "nbconvert", "vendor": "jupyter"}], "analysis": {"en": {"generated_at": "2026-04-21T15:34:16.409329+00:00", "value": {"mitigation_remediation": ["Upgrade jupyter nbconvert to version 7.17.1 or later, which patches the path traversal flaw.", "Restrict the file system permissions of the user account running nbconvert so that it cannot write outside the intended directory.", "Validate or sanitize attachment filenames before processing or disable attachment extraction for untrusted notebooks."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Write via Path Traversal"}, "threat_synthesis": {"affected_systems": "The issue affects all releases of the jupyter:nbconvert package from version 6.5 up through 7.17.0. Versions 7.17.1 and later incorporate a fix. Users running the affected ranges should verify their installed nbconvert version and ensure it is upgraded to 7.17.1 or a newer release.", "description_and_impact": "The vulnerability lies in the ExtractAttachmentsPreprocessor of nbconvert, which accepts cell attachment filenames without sanitization. Attackers can craft notebook files containing specially constructed filenames that include directory traversal sequences, thereby instructing nbconvert to write files outside the intended output directory. This results in arbitrary file writes, including overwriting sensitive system files or creating executables. The flaw is a classic path traversal and insecure file write weakness.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a medium severity risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the delivery of a malicious notebook to a system that automatically processes it with nbconvert, such as a CI/CD pipeline, a shared analysis platform, or an automated conversion service. If the nbconvert process runs with elevated permissions, the attacker could potentially overwrite critical files or deploy malware. Administrators should consider the operating context and process privileges when assessing impact."}}}}, "created": "2026-04-21T02:30:25.669910+00:00", "updated": "2026-04-21T15:37:55.186535+00:00", "vendors": ["jupyter", "jupyter$PRODUCT$nbconvert"]}