Vulnerability-Lookup

OPENSUSE-SU-2026:10710-1

Vulnerability from csaf_opensuse - Published: 2026-05-06 00:00 - Updated: 2026-05-06 00:00

Summary

python311-jupyter-server-2.18.1-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: python311-jupyter-server-2.18.1-1.1 on GA media

Description of the patch: These are all security issues fixed in the python311-jupyter-server-2.18.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10710

CVE-2025-61669

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-35397

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-40110

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-40934

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://www.suse.com/security/cve/CVE-2025-61669/	self
	https://www.suse.com/security/cve/CVE-2026-35397/	self
	https://www.suse.com/security/cve/CVE-2026-40110/	self
	https://www.suse.com/security/cve/CVE-2026-40934/	self
	https://www.suse.com/security/cve/CVE-2025-61669	external
	https://bugzilla.suse.com/1264161	external
	https://www.suse.com/security/cve/CVE-2026-35397	external
	https://bugzilla.suse.com/1264212	external
	https://www.suse.com/security/cve/CVE-2026-40110	external
	https://bugzilla.suse.com/1264213	external
	https://www.suse.com/security/cve/CVE-2026-40934	external
	https://bugzilla.suse.com/1264214	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python311-jupyter-server-2.18.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python311-jupyter-server-2.18.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10710",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10710-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-61669 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-61669/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-35397 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-35397/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-40110 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-40110/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-40934 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-40934/"
      }
    ],
    "title": "python311-jupyter-server-2.18.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-05-06T00:00:00Z",
      "generator": {
        "date": "2026-05-06T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10710-1",
      "initial_release_date": "2026-05-06T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-05-06T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-jupyter-server-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python311-jupyter-server-2.18.1-1.1.aarch64",
                  "product_id": "python311-jupyter-server-2.18.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-jupyter-server-test-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python311-jupyter-server-test-2.18.1-1.1.aarch64",
                  "product_id": "python311-jupyter-server-test-2.18.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python313-jupyter-server-2.18.1-1.1.aarch64",
                  "product_id": "python313-jupyter-server-2.18.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-test-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python313-jupyter-server-test-2.18.1-1.1.aarch64",
                  "product_id": "python313-jupyter-server-test-2.18.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python314-jupyter-server-2.18.1-1.1.aarch64",
                  "product_id": "python314-jupyter-server-2.18.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-test-2.18.1-1.1.aarch64",
                "product": {
                  "name": "python314-jupyter-server-test-2.18.1-1.1.aarch64",
                  "product_id": "python314-jupyter-server-test-2.18.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-jupyter-server-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python311-jupyter-server-2.18.1-1.1.ppc64le",
                  "product_id": "python311-jupyter-server-2.18.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python311-jupyter-server-test-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python311-jupyter-server-test-2.18.1-1.1.ppc64le",
                  "product_id": "python311-jupyter-server-test-2.18.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python313-jupyter-server-2.18.1-1.1.ppc64le",
                  "product_id": "python313-jupyter-server-2.18.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-test-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python313-jupyter-server-test-2.18.1-1.1.ppc64le",
                  "product_id": "python313-jupyter-server-test-2.18.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python314-jupyter-server-2.18.1-1.1.ppc64le",
                  "product_id": "python314-jupyter-server-2.18.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-test-2.18.1-1.1.ppc64le",
                "product": {
                  "name": "python314-jupyter-server-test-2.18.1-1.1.ppc64le",
                  "product_id": "python314-jupyter-server-test-2.18.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-jupyter-server-2.18.1-1.1.s390x",
                "product": {
                  "name": "python311-jupyter-server-2.18.1-1.1.s390x",
                  "product_id": "python311-jupyter-server-2.18.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python311-jupyter-server-test-2.18.1-1.1.s390x",
                "product": {
                  "name": "python311-jupyter-server-test-2.18.1-1.1.s390x",
                  "product_id": "python311-jupyter-server-test-2.18.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-2.18.1-1.1.s390x",
                "product": {
                  "name": "python313-jupyter-server-2.18.1-1.1.s390x",
                  "product_id": "python313-jupyter-server-2.18.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-test-2.18.1-1.1.s390x",
                "product": {
                  "name": "python313-jupyter-server-test-2.18.1-1.1.s390x",
                  "product_id": "python313-jupyter-server-test-2.18.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-2.18.1-1.1.s390x",
                "product": {
                  "name": "python314-jupyter-server-2.18.1-1.1.s390x",
                  "product_id": "python314-jupyter-server-2.18.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-test-2.18.1-1.1.s390x",
                "product": {
                  "name": "python314-jupyter-server-test-2.18.1-1.1.s390x",
                  "product_id": "python314-jupyter-server-test-2.18.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python311-jupyter-server-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python311-jupyter-server-2.18.1-1.1.x86_64",
                  "product_id": "python311-jupyter-server-2.18.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python311-jupyter-server-test-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python311-jupyter-server-test-2.18.1-1.1.x86_64",
                  "product_id": "python311-jupyter-server-test-2.18.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python313-jupyter-server-2.18.1-1.1.x86_64",
                  "product_id": "python313-jupyter-server-2.18.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python313-jupyter-server-test-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python313-jupyter-server-test-2.18.1-1.1.x86_64",
                  "product_id": "python313-jupyter-server-test-2.18.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python314-jupyter-server-2.18.1-1.1.x86_64",
                  "product_id": "python314-jupyter-server-2.18.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python314-jupyter-server-test-2.18.1-1.1.x86_64",
                "product": {
                  "name": "python314-jupyter-server-test-2.18.1-1.1.x86_64",
                  "product_id": "python314-jupyter-server-test-2.18.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64"
        },
        "product_reference": "python311-jupyter-server-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python311-jupyter-server-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x"
        },
        "product_reference": "python311-jupyter-server-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64"
        },
        "product_reference": "python311-jupyter-server-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-test-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64"
        },
        "product_reference": "python311-jupyter-server-test-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-test-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python311-jupyter-server-test-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-test-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x"
        },
        "product_reference": "python311-jupyter-server-test-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python311-jupyter-server-test-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64"
        },
        "product_reference": "python311-jupyter-server-test-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64"
        },
        "product_reference": "python313-jupyter-server-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python313-jupyter-server-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x"
        },
        "product_reference": "python313-jupyter-server-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64"
        },
        "product_reference": "python313-jupyter-server-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-test-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64"
        },
        "product_reference": "python313-jupyter-server-test-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-test-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python313-jupyter-server-test-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-test-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x"
        },
        "product_reference": "python313-jupyter-server-test-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python313-jupyter-server-test-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64"
        },
        "product_reference": "python313-jupyter-server-test-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64"
        },
        "product_reference": "python314-jupyter-server-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python314-jupyter-server-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x"
        },
        "product_reference": "python314-jupyter-server-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64"
        },
        "product_reference": "python314-jupyter-server-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-test-2.18.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64"
        },
        "product_reference": "python314-jupyter-server-test-2.18.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-test-2.18.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le"
        },
        "product_reference": "python314-jupyter-server-test-2.18.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-test-2.18.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x"
        },
        "product_reference": "python314-jupyter-server-test-2.18.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python314-jupyter-server-test-2.18.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
        },
        "product_reference": "python314-jupyter-server-test-2.18.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-61669",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-61669"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-61669",
          "url": "https://www.suse.com/security/cve/CVE-2025-61669"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264161 for CVE-2025-61669",
          "url": "https://bugzilla.suse.com/1264161"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-06T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-61669"
    },
    {
      "cve": "CVE-2026-35397",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-35397"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named \"test\", the API permits access to a sibling directory named \"testtest\" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named \"user1\" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. \n\nVersion 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-35397",
          "url": "https://www.suse.com/security/cve/CVE-2026-35397"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264212 for CVE-2026-35397",
          "url": "https://bugzilla.suse.com/1264212"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-06T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-35397"
    },
    {
      "cve": "CVE-2026-40110",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-40110"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python\u0027s re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-40110",
          "url": "https://www.suse.com/security/cve/CVE-2026-40110"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264213 for CVE-2026-40110",
          "url": "https://bugzilla.suse.com/1264213"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-06T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-40110"
    },
    {
      "cve": "CVE-2026-40934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-40934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
          "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-40934",
          "url": "https://www.suse.com/security/cve/CVE-2026-40934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1264214 for CVE-2026-40934",
          "url": "https://bugzilla.suse.com/1264214"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python311-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python313-jupyter-server-test-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-2.18.1-1.1.x86_64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.aarch64",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.ppc64le",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.s390x",
            "openSUSE Tumbleweed:python314-jupyter-server-test-2.18.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-06T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-40934"
    }
  ]
}

CVE-2025-61669 (GCVE-0-2025-61669)

Vulnerability from cvelistv5 – Published: 2026-05-05 15:28 – Updated: 2026-05-05 20:16

Title

jupyter_server next parameter open redirect can redirect users to external domains

Summary

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.

Severity ?

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

GitHub_M

References

URL

Tags

https://github.com/jupyter-server/jupyter_server/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	jupyter-server	jupyter_server	Affected: <= 2.17.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61669",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-05T20:16:38.460105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-05T20:16:59.332Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyter_server",
          "vendor": "jupyter-server",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.17.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T15:28:43.833Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-qh7q-6qm3-653w"
        }
      ],
      "source": {
        "advisory": "GHSA-qh7q-6qm3-653w",
        "discovery": "UNKNOWN"
      },
      "title": "jupyter_server next parameter open redirect can redirect users to external domains"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61669",
    "datePublished": "2026-05-05T15:28:43.833Z",
    "dateReserved": "2025-09-29T20:25:16.180Z",
    "dateUpdated": "2026-05-05T20:16:59.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40934 (GCVE-0-2026-40934)

Vulnerability from cvelistv5 – Published: 2026-05-05 21:31 – Updated: 2026-05-07 12:48

Title

jupyter-server authentication cookies remain valid after password reset due to static cookie secret

Summary

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0.

Severity ?

7.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-613 - Insufficient Session Expiration

Assigner

GitHub_M

References

URL

Tags

https://github.com/jupyter-server/jupyter_server/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	jupyter-server	jupyter_server	Affected: < 2.18.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T03:55:46.015938Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T12:48:21.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyter_server",
          "vendor": "jupyter-server",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password reset and server restart, any previously issued authentication cookie remains cryptographically valid because the signing key has not changed. An attacker who has captured a session cookie through any means retains full authenticated access to the server regardless of subsequent password changes. This affects deployments using password-based authentication, particularly shared or public-facing servers where credential rotation is expected to revoke existing sessions. This issue has been fixed in version 2.18.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613: Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T21:31:42.897Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5mrq-x3x5-8v8f"
        }
      ],
      "source": {
        "advisory": "GHSA-5mrq-x3x5-8v8f",
        "discovery": "UNKNOWN"
      },
      "title": "jupyter-server authentication cookies remain valid after password reset due to static cookie secret"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40934",
    "datePublished": "2026-05-05T21:31:42.897Z",
    "dateReserved": "2026-04-15T20:40:15.518Z",
    "dateUpdated": "2026-05-07T12:48:21.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35397 (GCVE-0-2026-35397)

Vulnerability from cvelistv5 – Published: 2026-05-05 19:37 – Updated: 2026-05-07 03:55

Title

jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix

Summary

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named "test", the API permits access to a sibling directory named "testtest" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named "user1" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. Version 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory.

Severity ?

7.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

https://github.com/jupyter-server/jupyter_server/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	jupyter-server	jupyter_server	Affected: < 2.18.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35397",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T03:55:44.058Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyter_server",
          "vendor": "jupyter-server",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.18.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For example, with a root_dir named \"test\", the API permits access to a sibling directory named \"testtest\" through a crafted request to the /api/contents endpoint using encoded path components. An attacker can read, write, and delete files in affected sibling directories. Multi-tenant deployments using predictable naming schemes are particularly at risk, as a user with a directory named \"user1\" could access directories for user10 through user19 and beyond. A user who can choose a single-character folder name could gain access to a significant number of sibling directories. \n\nVersion 2.18.0 contains a fix. As a workaround, ensure folder names do not share a common prefix with any sibling directory."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T19:37:33.810Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-5789-5fc7-67v3"
        }
      ],
      "source": {
        "advisory": "GHSA-5789-5fc7-67v3",
        "discovery": "UNKNOWN"
      },
      "title": "jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-35397",
    "datePublished": "2026-05-05T19:37:33.810Z",
    "dateReserved": "2026-04-02T17:03:42.074Z",
    "dateUpdated": "2026-05-07T03:55:44.058Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40110 (GCVE-0-2026-40110)

Vulnerability from cvelistv5 – Published: 2026-05-05 21:29 – Updated: 2026-05-07 12:47

Title

jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat

Summary

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0.

Severity ?

7.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L

CWE

CWE-777 - Regular Expression without Anchors

Assigner

GitHub_M

References

URL

Tags

	https://github.com/jupyter-server/jupyter_server/…	x_refsource_CONFIRM
	https://github.com/jupyter-server/jupyter_server/…	x_refsource_MISC
	https://github.com/jupyter-server/jupyter_server/…	x_refsource_MISC
	https://github.com/jupyter-server/jupyter_server/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	jupyter-server	jupyter_server	Affected: <= 2.17.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40110",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T03:55:47.112003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T12:47:52.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jupyter_server",
          "vendor": "jupyter-server",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.17.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python\u0027s re.match() to check incoming origins against the allow_origin_pat configuration value. Because re.match() only anchors at the start of the string and does not require a full match, a pattern intended to match only a trusted domain (e.g., trusted.example.com) will also match any origin that begins with that domain followed by additional characters (e.g., trusted.example.com.evil.com). An attacker who controls such a domain can bypass the CORS origin restriction and make cross-origin requests to the Jupyter Server API from an untrusted site. This issue has been fixed in version 2.18.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-777",
              "description": "CWE-777: Regular Expression without Anchors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T21:29:31.323Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-24qx-w28j-9m6p"
        },
        {
          "name": "https://github.com/jupyter-server/jupyter_server/pull/603",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/pull/603"
        },
        {
          "name": "https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/commit/057869a327c46730afede3eab0ca2d2e3e74acea"
        },
        {
          "name": "https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jupyter-server/jupyter_server/commit/49b34392feaa97735b3b777e3baf8f22f2a14ed8"
        }
      ],
      "source": {
        "advisory": "GHSA-24qx-w28j-9m6p",
        "discovery": "UNKNOWN"
      },
      "title": "jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40110",
    "datePublished": "2026-05-05T21:29:31.323Z",
    "dateReserved": "2026-04-09T01:41:38.536Z",
    "dateUpdated": "2026-05-07T12:47:52.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

OPENSUSE-SU-2026:10710-1

CVE-2025-61669 (GCVE-0-2025-61669)

CVE-2026-40934 (GCVE-0-2026-40934)

CVE-2026-35397 (GCVE-0-2026-35397)

CVE-2026-40110 (GCVE-0-2026-40110)

Tags

Sightings

Nomenclature