{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39378", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T21:29:17.350Z", "datePublished": "2026-04-21T00:17:00.684Z", "dateUpdated": "2026-04-21T13:43:29.081Z"}, "containers": {"cna": {"title": "nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9"}, {"name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"version": ">= 6.5, < 7.17.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:17:00.684Z"}, "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "source": {"advisory": "GHSA-7jqv-fw35-gmx9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:43:09.070985Z", "id": "CVE-2026-39378", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:43:29.081Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39378", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:43:09.070985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:43:14.531Z"}}], "cna": {"title": "nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding", "source": {"advisory": "GHSA-7jqv-fw35-gmx9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"status": "affected", "version": ">= 6.5, < 7.17.1"}]}], "references": [{"url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:17:00.684Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39378", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:43:29.081Z", "dateReserved": "2026-04-06T21:29:17.350Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T00:17:00.684Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:nbconvert:*:*:*:*:*:python:*:*", "matchCriteriaId": "B8ACC92D-6ED7-40BE-917E-5527F6746B60", "versionEndExcluding": "7.17.1", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "id": "CVE-2026-39378", "lastModified": "2026-04-23T17:50:56.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T01:16:06.073", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "nbconvert: nbconvert: Sensitive file exfiltration via path traversal in image references", "id": "2459952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459952"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["A flaw was found in nbconvert, a tool used to convert Jupyter notebooks. A malicious notebook can exploit this vulnerability when the `HTMLExporter.embed_images` setting is enabled. This allows for path traversal in image references, which can lead to arbitrary file read. Consequently, sensitive files from the conversion host could be exposed by embedding them as base64 data in the output HTML."], "mitigation": {"lang": "en:us", "value": "To mitigate this vulnerability, ensure that the `HTMLExporter.embed_images` setting in nbconvert is not enabled. This setting is disabled by default, therefore no action is required unless it has been explicitly enabled in your environment. If this setting has been enabled, disabling it will prevent the path traversal vulnerability from being exploited."}, "name": "CVE-2026-39378", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_applications:8", "fix_state": "Not affected", "package_name": "mta/mta-solution-server-rhel9", "product_name": "Migration Toolkit for Applications 8"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite/iop-advisor-engine-rhel9", "product_name": "Red Hat Satellite 6"}], "public_date": "2026-04-21T00:17:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-39378\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-39378\nhttps://github.com/jupyter/nbconvert/releases/tag/v7.17.1\nhttps://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9"], "statement": "This Moderate impact flaw in nbconvert allows for sensitive file exfiltration through path traversal in image references. The vulnerability is exploitable only when the `HTMLExporter.embed_images` setting is explicitly enabled. This setting is not enabled by default in the nbconvert.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.5,7.17.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nbconvert", "source": "cna", "vendor": "jupyter"}, "product": "nbconvert", "vendor": "jupyter"}], "analysis": {"en": {"generated_at": "2026-04-21T15:33:52.779856+00:00", "value": {"mitigation_remediation": ["Update nbconvert to version 7.17.1 or later to apply the official fix.", "If immediate upgrade is not possible, configure the exporter to keep HTMLExporter.embed_images disabled to prevent the path traversal read path.", "Avoid converting notebooks from untrusted sources or restrict the execution environment so that the conversion process has no read access to sensitive files."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Read via Path Traversal"}, "threat_synthesis": {"affected_systems": "Pages that use the nbconvert tool from the Jupyter project, specifically versions 6.5 through 7.17.0. The flaw is tied to the configuration option HTMLExporter.embed_images, which is active only when explicitly enabled.", "description_and_impact": "The vulnerability in Jupyter nbconvert allows an attacker to read any file on the host system when embedding images as base64 data URIs within a notebook. By setting HTMLExporter.embed_images=True, the markdown renderer processes image references that contain path traversal strings, causing the conversion tool to read the referenced file and encode it for inclusion in the output HTML. This results in exfiltration of sensitive data, an instance of CWE\u201122 and CWE\u201173.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.5, indicating moderate severity, and is not flagged in CISA's Known Exploited Vulnerabilities catalog. The EPSS score is unavailable, so the current likelihood of exploitation is unknown, but the flaw requires a crafted notebook that the attacker can have converted on a host with access to the notebook. Because embed_images is not enabled by default, the attack vector relies on the attacker having control of the notebook conversion process."}}}}, "created": "2026-04-21T02:30:25.669575+00:00", "updated": "2026-04-21T15:37:55.179793+00:00", "vendors": ["jupyter", "jupyter$PRODUCT$nbconvert"]}