Jupyter Server <2.18.0 REST API Path Traversal via /api/contents
CVE-2026-35397 Published on May 5, 2026
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories.
Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.
Vulnerability Analysis
CVE-2026-35397 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-35397. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-35397 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2026-35397
stack.watch emails you whenever new vulnerabilities are published in Red Hat Migration Toolkit Applications or Red Hat Openshift Ai. Just hit a watch button to start following.
Affected Versions
jupyter-server jupyter_server:- Version < 2.18.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.