CVE-2026-35397 | jupyter-server jupyter_server up to 2.17.x REST API /api/contents path traversal

Inserito da Angelo Barbosa | Mag 5, 2026 | CVE

A vulnerability marked as critical has been reported in jupyter-server jupyter_server up to 2.17.x. Affected is an unknown function of the file /api/contents of the component REST API. Performing a manipulation results in path traversal.

This vulnerability is cataloged as CVE-2026-35397. It is possible to initiate the attack remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-35397 | jupyter-server jupyter_server up to 2.17.x REST API /api/contents path traversal

Post correlati

CVE-2024-7655 | PeepSo Community Plugin up to 6.4.5.0 on WordPress cross site scripting

CVE-2026-27027 | Everon api.everon.io insufficiently protected credentials (icsa-26-062-08)

CVE-2025-31202 | Apple iOS/iPadOS null pointer dereference

CVE-2024-27307 | jsonata Object Prototype code injection