LeakyCreds

CVE-2026-42266 - Vulnerability Analysis

High (CVSS: 8.8)

Last Updated: May 13, 2026

JupyterLab - Broken Access Control

Published: May 13, 2026
Updated: May 13, 2026
Remote Exploitable

Overview

JupyterLab 4.0.0 to 4.5.6 contains a broken access control vulnerability caused by improper enforcement of the allow-list for extensions in the PyPI Extension Manager, which lets attackers install unauthorized extensions. Exploitation requires use of the PyPI Extension Manager.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 6.2% (Probability of exploitation in next 30 days)

Impact

Attackers can install unauthorized extensions, potentially leading to code execution or privilege escalation.

Mitigation

Upgrade to version 4.5.7 or later.

Social Media Activity (4 posts)

TheHackerWire
@thehackerwire
May 13, 2026

🟠 CVE-2026-42266 - High (8.8) jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-42266/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-42266
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 6.2%
Social Posts: 4

CWE

  • CWE-88

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.2% (Probability of exploitation in the next 30 days)