GHSA-C336-7962-WFJ2
Vulnerability from github – Published: 2026-01-16 16:58 – Updated: 2026-01-16 19:11Impact
When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.
It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.
In order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the jupyter-server-proxy) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.
Patches
This has been fixed in the 2026.1.1 release. All users should upgrade to this version.
Mitigations
There are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.
It is possible to avoid code execution via Jupyter by uninstalling the jupyter-server-proxy and accessing the Dask dashboard directly at it's URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user's browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.
Another potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn't resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "distributed"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23528"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-16T16:58:16Z",
"nvd_published_at": "2026-01-16T17:15:54Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen [Jupyter Lab](https://jupyterlab.readthedocs.io/en/latest/), [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy) and [Dask distributed](https://github.com/dask/distributed) are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.\n\nIt is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.\n\nIn order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy)) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.\n\n### Patches\nThis has been fixed in the `2026.1.1` release. All users should upgrade to this version.\n\n### Mitigations\nThere are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.\n\nIt is possible to avoid code execution via Jupyter by uninstalling the [jupyter-server-proxy](https://github.com/jupyterhub/jupyter-server-proxy) and accessing the Dask dashboard directly at it\u0027s URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user\u0027s browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.\n\nAnother potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn\u0027t resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.",
"id": "GHSA-c336-7962-wfj2",
"modified": "2026-01-16T19:11:05Z",
"published": "2026-01-16T16:58:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23528"
},
{
"type": "WEB",
"url": "https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa"
},
{
"type": "PACKAGE",
"url": "https://github.com/dask/distributed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.