CVE-2026-40934 | jupyter-server jupyter_server up to 2.17.x Password Change jupyter_cookie_secret session expiration (GHSA-5mrq-x3x5-8v8f)

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability was found in jupyter-server jupyter_server up to 2.17.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ~/.local/share/jupyter/runtime/jupyter_cookie_secret of the component Password Change Handler. Such manipulation leads to session expiration.

This vulnerability is uniquely identified as CVE-2026-40934. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-40934 | jupyter-server jupyter_server up to 2.17.x Password Change jupyter_cookie_secret session expiration (GHSA-5mrq-x3x5-8v8f)

Post correlati

CVE-2023-42866 | Apple macOS WebKit Privilege Escalation

CVE-2025-29838 | Microsoft

CVE-2026-3999 | Pointsharp ID Server up to 8.x Configuration authorization (psa-2026-001)

CVE-2024-56990 | PHPGurukul Hospital Management System 4.0 /view-medhistory.php cross site scripting