
CVE-2026-40110: jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat

EPSS 0.04% · P13

I. Basic Information for CVE-2026-40110

Vulnerability Information


Vulnerability Title
jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.
Source: NVD (National Vulnerability Database)
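The following is an added illustration of the bug class described above, not jupyter-server's own code. It places a re.match()-style origin check beside the re.fullmatch() form, shows the intermediate "append $" fix and why it is still not a whole-string check, and includes a small config-audit helper. The pattern value and the sample Origin header values are constructed for the example; ALLOW_ORIGIN_PAT is a stand-in for an allow_origin_pat setting meant to admit exactly one trusted origin.

```python
import re

# Constructed stand-in for an allow_origin_pat value that is meant to admit
# exactly one trusted origin. Dots are escaped so they match literally.
ALLOW_ORIGIN_PAT = r"https://trusted\.example\.com"

# Constructed sample Origin header values (no real hosts).
SAMPLE_ORIGINS = [
    "https://trusted.example.com",                # the intended origin
    "https://trusted.example.com.evil.example",   # prefix-extended lookalike
    "https://trusted.example.com:8443",           # same host, different port
    "https://untrusted.example.com",              # unrelated origin
]


def origin_allowed_unanchored(origin: str, pattern: str = ALLOW_ORIGIN_PAT) -> bool:
    """Weak check in the style the advisory describes: re.match() anchors only
    at the start of the string, so any origin that merely *begins* with the
    pattern is accepted."""
    return re.match(pattern, origin) is not None


def origin_allowed_dollar(origin: str, pattern: str = ALLOW_ORIGIN_PAT) -> bool:
    """Partial hardening: append '$'. This closes the suffix hole, but '$' also
    matches just before a single trailing newline, so it is still not a
    whole-string comparison."""
    return re.match(pattern + "$", origin) is not None


def origin_allowed_fullmatch(origin: str, pattern: str = ALLOW_ORIGIN_PAT) -> bool:
    """Hardened check: re.fullmatch() succeeds only when the entire Origin
    value matches the pattern."""
    return re.fullmatch(pattern, origin) is not None


def audit_pattern(pattern: str) -> list[str]:
    """Config-review helper (hypothetical): flag properties of an allow-origin
    pattern that usually mean it was written with re.match() semantics in mind."""
    findings = []
    if not (pattern.endswith("$") or pattern.endswith(r"\Z")):
        findings.append(
            "pattern has no end anchor; suffix-extended origins would match under re.match()"
        )
    if "." in pattern.replace(r"\.", ""):
        findings.append("unescaped '.' matches any character, not just a literal dot")
    return findings


def compare(origins=SAMPLE_ORIGINS, pattern=ALLOW_ORIGIN_PAT) -> dict[str, tuple[bool, bool]]:
    """Map each origin to (accepted by re.match() check, accepted by re.fullmatch() check)."""
    return {
        o: (origin_allowed_unanchored(o, pattern), origin_allowed_fullmatch(o, pattern))
        for o in origins
    }


if __name__ == "__main__":
    for origin, (weak, strict) in compare().items():
        print(f"{origin:45} match={weak!s:5} fullmatch={strict}")
    for finding in audit_pattern(ALLOW_ORIGIN_PAT):
        print("audit:", finding)
```

Running the script prints one line per sample origin; the prefix-extended lookalike and the different-port origin are accepted by the re.match() check and rejected by re.fullmatch(), and the audit flags the unanchored pattern. When reviewing a deployment, the same audit_pattern() logic can be applied to the configured allow_origin_pat value directly.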
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-777
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jupyter Server security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jupyter Server is an application from the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server 2.17.0 and earlier versions contain a security vulnerability that stems from the Origin header validation using re.match, which only anchors at the start of the string and may allow the CORS origin restriction to be bypassed.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor
jupyter-server
Product
jupyter_server
Affected Versions
<= 2.17.0
CPE
-

II. Public POCs for CVE-2026-40110


No public POC found.


III. Intelligence Information for CVE-2026-40110


Same Patch Batch · jupyter-server · 2026-05-05 · 4 CVEs total

CVE-2025-61669: jupyter_server next parameter open redirect can redirect users to external domains
CVE-2026-35397: jupyter-server path traversal allows access to sibling directories sharing root_dir name p
CVE-2026-40934: jupyter-server authentication cookies remain valid after password reset due to static cook

IV. Related Vulnerabilities

V. Comments for CVE-2026-40110

No comments yet
