CVE-2026-35397 - jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
CVE ID :CVE-2026-35397 Published : May 5, 2026, 7:37 p.m. | 50 minutes ago Description :Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Android ADB Auth Bypass Proof-of-Concept: CVE-2026-0073
- [CYBER] New stealthy Quasar Linux malware targets software developers
- [CYBER] (LEAD) Coupang swings to net loss in Q1 amid fallout from data breach
- [CYBER] Question regarding VDP
- [CYBER] New CVEs in Ollama & DAEMON Tools; Webhooks Lack Signature Checks
- [CYBER] CVE-2026-40934 - jupyter-server authentication cookies remain valid after password reset due to static cookie secret