{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-35397","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-04-02T17:03:42.074Z","datePublished":"2026-05-05T19:37:33.810Z","dateUpdated":"2026-07-08T12:06:12.587Z"},"containers":{"cna":{"title":"jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix","problemTypes":[{"descriptions":[{"cweId":"CWE-22","lang":"en","description":"CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":7.6,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3","tags":["x_refsource_CONFIRM"],"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3"}],"affected":[{"vendor":"jupyter-server","product":"jupyter_server","versions":[{"version":"< 2.18.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-05-05T19:37:33.810Z"},"descriptions":[{"lang":"en","value":"Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named \"test\", the API permits access to a sibling directory named \"testtest\" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named \"user1\" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. \n\nVersion 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory."}],"source":{"advisory":"GHSA-5789-5fc7-67v3","discovery":"UNKNOWN"}},"adp":[{"references":[{"url":"https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-06T00:00:00+00:00","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-35397"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-08T03:55:36.590Z"}},{"affected":[{"cpes":["cpe:/a:redhat:migration_toolkit_applications:8"],"defaultStatus":"affected","product":"Migration Toolkit for Applications 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"}],"datePublic":"2026-05-05T19:37:33.810Z","descriptions":[{"lang":"en","value":"A flaw was found in Jupyter Server. An authenticated user can exploit a path traversal vulnerability in the REST API to escape the configured root directory (`root_dir`). By crafting a request to the `/api/contents` endpoint with encoded path components, an attacker can gain access to sibling directories whose names begin with the same prefix as the `root_dir`. This allows the attacker to read, write, and delete files in these accessible sibling directories, potentially leading to unauthorized data access and modification, especially in multi-tenant environments."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-35397"},{"name":"RHBZ#2466858","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466858"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35397.json"}],"timeline":[{"lang":"en","time":"2026-05-05T20:01:20.132Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-05T19:37:33.810Z","value":"Made public."}],"title":"jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability","workarounds":[{"lang":"en","value":"To mitigate this issue, ensure that directory names within Jupyter Server deployments do not share common prefixes with sibling directories. This operational control prevents authenticated users from exploiting the path traversal vulnerability to access unauthorized content. For example, avoid naming directories 'user1' and 'user10' if 'user' is a common prefix. This mitigation does not require service restarts or reloads."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-07-08T12:06:12.587Z"}}]}}