CVE-2026-42557 - JupyterLab's command linker attributes in HTML enable one-click command executio
GHSA-mqcg-5x36-vfcg HIGH pip/jupyterlab
CVE: CVE-2026-42557
JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.
Impact
An attacker who shares a notebook or a Markdown file - via email, GitHub, or a Binder link - can invoke an arbitrary command upon a single click by the victim. The button can be rendered inside the output area and be visually indistinguishable from a legitimate widget. No kernel needs to start; the HTML output is stored in the notebook file and displayed immediately on open.
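Because the malicious HTML is stored in the notebook file itself and rendered on open, a defender can look for it before the file is ever opened in JupyterLab. The following scanner is an added example, not code from the advisory or from the JupyterLab project: it walks the notebook JSON with the standard library only, parses every `text/html` output and every Markdown cell with `html.parser`, and reports any element carrying a `data-commandlinker-*` attribute. The sample notebook embedded below is constructed for the demonstration, and the command id in it is a placeholder rather than a real JupyterLab command.

```python
"""Scan .ipynb files for HTML that carries JupyterLab command-linker attributes.

Added defender-side check (not part of the advisory or of JupyterLab). It walks
the notebook JSON, parses every text/html output and every Markdown cell with the
standard-library HTMLParser, and reports elements that carry any
data-commandlinker-* attribute. The sample notebook below is constructed.
"""
import json
import sys
from html.parser import HTMLParser

ATTR_PREFIX = "data-commandlinker-"


class CommandLinkerScanner(HTMLParser):
    """Collect (tag, attribute names) for elements carrying command-linker attributes."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases attribute names, so a plain prefix check suffices
        names = sorted(name for name, _ in attrs if name.startswith(ATTR_PREFIX))
        if names:
            self.hits.append({"tag": tag, "attrs": names})


def _as_text(value):
    # nbformat stores "source" and mime data either as one string or a list of lines
    return "".join(value) if isinstance(value, list) else str(value)


def scan_html(html):
    """Return the command-linker elements found in one HTML fragment."""
    scanner = CommandLinkerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


def scan_notebook(nb):
    """Return one finding per HTML output or Markdown cell that contains
    command-linker attributes: the cell index, where in the cell the HTML
    lives, and the flagged elements."""
    findings = []
    for cell_idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") == "markdown":
            hits = scan_html(_as_text(cell.get("source", "")))
            if hits:
                findings.append({"cell": cell_idx, "location": "markdown source", "elements": hits})
        for out_idx, output in enumerate(cell.get("outputs", [])):
            html = output.get("data", {}).get("text/html")
            if html is None:
                continue
            hits = scan_html(_as_text(html))
            if hits:
                findings.append({"cell": cell_idx, "location": f"output {out_idx}", "elements": hits})
    return findings


# Constructed sample: a benign HTML output, an output with a command-linker
# button ("placeholder:command" is not a real JupyterLab command id), and a
# Markdown cell with the same attribute on a link.
SAMPLE_NOTEBOOK = {
    "nbformat": 4,
    "nbformat_minor": 5,
    "metadata": {},
    "cells": [
        {"cell_type": "code", "source": "", "outputs": [
            {"output_type": "display_data",
             "data": {"text/html": ["<div><button>Run</button></div>"]}},
        ]},
        {"cell_type": "code", "source": "", "outputs": [
            {"output_type": "display_data",
             "data": {"text/html": '<button data-commandlinker-command="placeholder:command" '
                                   'data-commandlinker-args="{}">Click me</button>'}},
        ]},
        {"cell_type": "markdown",
         "source": ['<a data-commandlinker-command="placeholder:command">link</a>']},
    ],
}


def main(paths):
    """Scan each notebook path; exit status 1 if anything was flagged."""
    exit_code = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            nb = json.load(fh)
        for finding in scan_notebook(nb):
            exit_code = 1
            elements = ", ".join(f"<{e['tag']} {' '.join(e['attrs'])}>" for e in finding["elements"])
            print(f"{path}: cell {finding['cell']} ({finding['location']}): {elements}")
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python scan_commandlinker.py *.ipynb` (the file name is your choice); a non-zero exit status makes it usable as a pre-commit or CI gate on notebooks arriving from outside. It flags any element with the attribute prefix rather than only `button`, so it also catches markup that a future sanitizer allowlist change might permit.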
Single-click impact
An attacker convincing the victim to click on a single button or link can:
- execute arbitrary code in the available kernels,
- delete files, leading to information loss; in principle the loss could be unrecoverable, depending on server configuration and attack complexity,
- open multiple kernels/terminals at once, or create multiple files at once, putting significant stress on the server and thus denying availability to other users on a standalone multi-tenant jupyter-server deployment, and to a lesser degree impacting availability on JupyterHub deployments.
Arbitrary code execution is immediately visible to the user and can be halted by timely user intervention. File deletion can be silent and go unnoticed for some time.
Multi-click attacks
An attacker who convinces the victim to click on multiple buttons in specific order and to grant access to clipboard (or in scenarios where the user already granted keyboard access) can obtain full access to the terminal and execute arbitrary commands in the environme
📌 Source: GitHub-Advisory | 🆔 CVE-2026-42557 | 📅 2026-05-06