CVE-2026-40110
PUBLISHED
CVSS 7.6 HIGH
Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` (from huntr)
EPSS 0.01% · 1.1th percentile
Risk Scores
CVSS v4.0
7.6
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L
EPSS Score
0.01%
1.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| jupyter-server | jupyter_server | * |
| PyPI | jupyter-server | 0 |
Timeline
- May 5, 2026 CVE Published
- May 6, 2026 Security Advisory
- May 11, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p
- https://github.com/jupyter-server/jupyter_server/pull/603
- https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea
- https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8
- https://github.com/jupyter-server/jupyter_server (package)