{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39378", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T21:29:17.350Z", "datePublished": "2026-04-21T00:17:00.684Z", "dateUpdated": "2026-04-21T13:43:29.081Z"}, "containers": {"cna": {"title": "nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-73", "lang": "en", "description": "CWE-73: External Control of File Name or Path", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9"}, {"name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"version": ">= 6.5, < 7.17.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:17:00.684Z"}, "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "source": {"advisory": "GHSA-7jqv-fw35-gmx9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T13:43:09.070985Z", "id": "CVE-2026-39378", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:43:29.081Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39378", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T13:43:09.070985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T13:43:14.531Z"}}], "cna": {"title": "nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding", "source": {"advisory": "GHSA-7jqv-fw35-gmx9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "jupyter", "product": "nbconvert", "versions": [{"status": "affected", "version": ">= 6.5, < 7.17.1"}]}], "references": [{"url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "name": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "name": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T00:17:00.684Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39378", "state": "PUBLISHED", "dateUpdated": "2026-04-21T13:43:29.081Z", "dateReserved": "2026-04-06T21:29:17.350Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-21T00:17:00.684Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default."}], "id": "CVE-2026-39378", "lastModified": "2026-04-21T16:20:24.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T01:16:06.073", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/jupyter/nbconvert/releases/tag/v7.17.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-73"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.5,7.17.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "nbconvert", "source": "cna", "vendor": "jupyter"}, "product": "nbconvert", "vendor": "jupyter"}], "analysis": {"en": {"generated_at": "2026-04-21T15:33:52.779856+00:00", "value": {"mitigation_remediation": ["Update nbconvert to version 7.17.1 or later to apply the official fix.", "If immediate upgrade is not possible, configure the exporter to keep HTMLExporter.embed_images disabled to prevent the path traversal read path.", "Avoid converting notebooks from untrusted sources or restrict the execution environment so that the conversion process has no read access to sensitive files."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Read via Path Traversal"}, "threat_synthesis": {"affected_systems": "Pages that use the nbconvert tool from the Jupyter project, specifically versions 6.5 through 7.17.0. The flaw is tied to the configuration option HTMLExporter.embed_images, which is active only when explicitly enabled.", "description_and_impact": "The vulnerability in Jupyter nbconvert allows an attacker to read any file on the host system when embedding images as base64 data URIs within a notebook. By setting HTMLExporter.embed_images=True, the markdown renderer processes image references that contain path traversal strings, causing the conversion tool to read the referenced file and encode it for inclusion in the output HTML. This results in exfiltration of sensitive data, an instance of CWE\u201122 and CWE\u201173.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.5, indicating moderate severity, and is not flagged in CISA's Known Exploited Vulnerabilities catalog. The EPSS score is unavailable, so the current likelihood of exploitation is unknown, but the flaw requires a crafted notebook that the attacker can have converted on a host with access to the notebook. Because embed_images is not enabled by default, the attack vector relies on the attacker having control of the notebook conversion process."}}}}, "created": "2026-04-21T02:30:25.669575+00:00", "updated": "2026-04-21T15:37:55.179793+00:00", "vendors": ["jupyter", "jupyter$PRODUCT$nbconvert"]}