CVE-2026-39378 Overview
CVE-2026-39378 is a path traversal vulnerability affecting Jupyter nbconvert, a widely used tool that converts Jupyter notebooks to various output formats via Jinja templates. When the HTMLExporter.embed_images=True configuration option is enabled, the nbconvert markdown renderer fails to properly sanitize image reference paths, allowing attackers to read arbitrary files from the conversion host through path traversal sequences placed in a notebook's image references.
A threat actor can craft a malicious Jupyter notebook containing specially crafted image references that traverse the file system to access sensitive files. When converted to HTML with embedded images enabled, these files are exfiltrated by being embedded as base64 data URIs directly in the output HTML. This vulnerability poses a significant risk in environments where untrusted notebooks are processed, particularly automated conversion pipelines and shared Jupyter infrastructure.
Critical Impact
Attackers can exfiltrate sensitive files including configuration files, credentials, private keys, and other confidential data from the conversion host by exploiting improper path validation in the image embedding functionality. The reach is bounded by the account running nbconvert: anything that account can read can be embedded, which in CI runners and shared services is frequently the whole workspace, its environment files, and the user's SSH and cloud credentials.
Affected Products
- Jupyter nbconvert versions 6.5 through 7.17.0
Discovery Timeline
- 2026-04-21 - CVE-2026-39378 published to NVD
- 2026-04-23 - Last updated in NVD database
Technical Details for CVE-2026-39378
Vulnerability Analysis
This path traversal vulnerability (CWE-22) exists in nbconvert's markdown rendering component when processing image references during HTML export with embedded images enabled. The core issue stems from insufficient validation of file paths referenced in notebook markdown cells when the HTMLExporter.embed_images option is set to True.
When this configuration is active, nbconvert reads local image files and converts them to base64 data URIs for inclusion in the output HTML. However, the path resolution logic fails to properly restrict file access to the notebook's directory or a designated safe location. An attacker can inject path traversal sequences (such as ../) in image source references within a malicious notebook, allowing them to reference and read arbitrary files accessible to the process running nbconvert.
The attack requires user interaction in the sense that a victim must convert the malicious notebook, but this can occur automatically in CI/CD pipelines, documentation generation systems, or shared Jupyter environments where notebooks are routinely converted to HTML for distribution or publishing.
Root Cause
The root cause of CVE-2026-39378 is improper input validation in the image path handling logic within nbconvert's HTML exporter. When embed_images is enabled, the markdown renderer processes image references without adequately sanitizing or validating the paths against directory traversal attacks. The component fails to canonicalize paths and verify that resolved file locations remain within expected boundaries before reading file contents for base64 encoding.
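To make the root cause concrete, here is an added illustration that is not nbconvert's own code and does not reproduce the 7.17.1 fix: a naive embedder that joins the image reference onto the notebook directory, beside one that canonicalizes the result and requires it to stay inside that directory. The function names, the scratch directory layout and the secret file are all constructed for the demo.

```python
import base64
import mimetypes
import os
import tempfile
from typing import Dict, Optional


def _to_data_uri(path: str) -> str:
    """Read a file and wrap it as the base64 data URI an HTML exporter would emit."""
    mime, _ = mimetypes.guess_type(path)
    with open(path, "rb") as fobj:
        payload = base64.b64encode(fobj.read()).decode("ascii")
    return f"data:{mime or 'application/octet-stream'};base64,{payload}"


def embed_image_unsafe(notebook_dir: str, src: str) -> Optional[str]:
    """Naive embedding: join the reference onto the notebook directory and read it.

    os.path.join() returns src unchanged when src is absolute, and '..' segments
    are kept verbatim, so any file the process can read is reachable.
    """
    src_path = os.path.join(notebook_dir, src)
    if not os.path.isfile(src_path):
        return None
    return _to_data_uri(src_path)


def embed_image_safe(notebook_dir: str, src: str) -> Optional[str]:
    """Confined embedding: resolve both sides, then require containment.

    realpath() collapses '..' and follows symlinks, so a link inside the
    notebook directory that points outside is rejected as well. commonpath()
    compares whole path components, so a sibling directory such as
    'notebooks_evil' does not slip past the way a startswith() check allows.
    """
    if os.path.isabs(src) or src.lower().startswith("file:"):
        return None
    root = os.path.realpath(notebook_dir)
    candidate = os.path.realpath(os.path.join(root, src))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return _to_data_uri(candidate)


def decoded(uri: Optional[str]) -> bytes:
    """Payload bytes of a data URI (empty if there is none)."""
    if uri is None:
        return b""
    return base64.b64decode(uri.split(",", 1)[1])


def demo() -> Dict[str, Optional[str]]:
    """Build a scratch tree (constructed fixtures) and run both embedders on it."""
    with tempfile.TemporaryDirectory() as top:
        nb_dir = os.path.join(top, "notebooks")
        os.makedirs(os.path.join(nb_dir, "images"))
        secret = os.path.join(top, "secret.env")          # outside the notebook dir
        with open(os.path.join(nb_dir, "images", "plot.png"), "wb") as fobj:
            fobj.write(b"\x89PNG\r\n\x1a\n" + bytes(16))
        with open(secret, "w") as fobj:
            fobj.write("DB_PASSWORD=hunter2\n")
        link: Optional[str] = os.path.join(nb_dir, "link.png")  # inside, but escapes
        try:
            os.symlink(secret, link)
        except OSError:                                    # symlinks unavailable here
            link = None

        cases = {"legit": "images/plot.png", "traversal": "../secret.env", "absolute": secret}
        if link is not None:
            cases["symlink"] = "link.png"
        results: Dict[str, Optional[str]] = {}
        for name, src in cases.items():
            results[f"unsafe_{name}"] = embed_image_unsafe(nb_dir, src)
            results[f"safe_{name}"] = embed_image_safe(nb_dir, src)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        shown = "blocked" if value is None else repr(decoded(value)[:24])
        print(f"{key:18s} -> {shown}")
```

The unsafe variant embeds the secret for the traversal, absolute-path and symlink cases; the confined variant embeds only the image under the notebook directory and returns None for the other three. Whatever check 7.17.1 actually applies, the property to test for is the same: the resolved file must lie under the canonicalized notebook directory, after symlinks are followed.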
Attack Vector
The attacker needs no access to the conversion host: the vector is network-accessible in the sense that the malicious notebook is delivered remotely (a pull request, an uploaded submission, a file on a shared drive), and exploitation needs nothing beyond a text editor. The attacker creates a Jupyter notebook containing markdown cells with image references that include path traversal sequences pointing to sensitive files on the target system. When the notebook is converted to HTML with embed_images=True, nbconvert reads the referenced files and embeds their contents as base64-encoded data URIs in the output.
Common attack scenarios include:
- Exfiltrating /etc/passwd, /etc/shadow, or SSH private keys on Linux systems (/etc/shadow only if nbconvert runs as root; the process reads exactly what its own account can read)
- Reading application configuration files containing database credentials or API keys
- Accessing environment files and secrets in containerized deployments
- Extracting source code or proprietary data from the conversion server
The attacker can then retrieve the output HTML through normal channels (documentation sites, CI artifacts, shared drives) to extract the exfiltrated data by decoding the embedded base64 content.
Detection Methods for CVE-2026-39378
Indicators of Compromise
- Presence of notebooks containing suspicious image references with ../ path traversal sequences
- HTML output files containing unexpectedly large base64 data URIs that decode to text content (configuration files, keys)
- Unusual file access patterns from nbconvert processes accessing files outside notebook directories
- Notebooks with image references pointing to system paths like /etc/, /home/, or Windows system directories
Detection Strategies
- Implement file integrity monitoring on sensitive configuration files and credential stores
- Review nbconvert configuration to identify instances where HTMLExporter.embed_images=True is enabled
- Scan existing notebooks for suspicious path patterns in image references using grep or similar tools
- Monitor process file access using auditd or similar tools to detect nbconvert accessing sensitive system files
- Scan generated HTML for data: URIs whose decoded payload is not an image (text, PEM headers, key=value lines); a Content Security Policy that omits data: from img-src only stops browsers rendering such URIs and does not detect the exfiltration
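An added example (not from the advisory or from the nbconvert project) that implements two of the checks listed above: the notebook scan for image references that leave the notebook directory, and the scan of generated HTML for base64 data URIs whose payload is text rather than an image. The notebook and HTML samples are constructed for the demo, and the regexes, magic-byte list and printable-ratio threshold are the author's assumptions about how such references and data URIs appear, not nbconvert's parser.

```python
import base64
import json
import re
from pathlib import PurePosixPath
from typing import List, Tuple
from urllib.parse import unquote

# Markdown image syntax ![alt](src) and raw <img src="..."> inside markdown cells.
MD_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*<?([^)\s>]+)>?")
HTML_IMG = re.compile(r"<img[^>]+src\s*=\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)
# base64 data URIs as an HTML exporter emits them; the MIME part is kept loose
# because a file of unknown type may carry any label at all.
DATA_URI = re.compile(r"data:([^;,]*);base64,([A-Za-z0-9+/=]+)")
IMAGE_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"GIF8", b"RIFF", b"BM", b"<svg", b"<?xml")


def classify_src(src: str) -> str:
    """Return '' when a reference stays inside the notebook tree, else a short reason."""
    if src.startswith(("attachment:", "data:")):
        return ""                                   # inline data, no file read
    if src.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:[\\/]", src):
        return "absolute-path"
    if re.match(r"^[A-Za-z][A-Za-z0-9+.-]*:", src):
        # http(s) and similar are not local reads; file: is reported for review
        return "file-scheme" if src.lower().startswith("file:") else ""
    if ".." in PurePosixPath(src.replace("\\", "/")).parts:
        return "parent-traversal"
    return ""


def scan_notebook(nb: dict) -> List[Tuple[int, str, str]]:
    """(cell index, src, reason) for each markdown image reference that leaves the notebook dir.

    Both the raw and the percent-decoded form are checked, so '%2e%2e/' is caught.
    """
    findings = []
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "markdown":
            continue
        source = cell.get("source", "")
        if isinstance(source, list):                # nbformat stores multi-line sources as lists
            source = "".join(source)
        for pattern in (MD_IMAGE, HTML_IMG):
            for match in pattern.finditer(source):
                src = match.group(1)
                reason = classify_src(src) or classify_src(unquote(src))
                if reason:
                    findings.append((idx, src, reason))
    return findings


def scan_notebook_file(path: str) -> List[Tuple[int, str, str]]:
    with open(path, encoding="utf-8") as fobj:
        return scan_notebook(json.load(fobj))


def looks_like_text(data: bytes) -> bool:
    """True for payloads that carry no known image magic and decode as mostly printable UTF-8."""
    if not data or data.startswith(IMAGE_MAGIC):
        return False
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    printable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return printable / len(text) > 0.95


def scan_html(html: str) -> List[Tuple[str, int, str]]:
    """(declared MIME, payload length, preview) for embedded data URIs whose payload is text."""
    findings = []
    for match in DATA_URI.finditer(html):
        try:
            data = base64.b64decode(match.group(2), validate=True)
        except ValueError:                          # binascii.Error is a ValueError
            continue
        if looks_like_text(data):
            preview = data[:40].decode("utf-8", "replace").replace("\n", "\\n")
            findings.append((match.group(1) or "(none)", len(data), preview))
    return findings


# Constructed sample inputs for the demo (not real artifacts).
SAMPLE_NOTEBOOK = {
    "cells": [
        {"cell_type": "markdown", "source": ["# Report\n", "![plot](images/plot.png)\n"]},
        {"cell_type": "markdown", "source": "![x](../../../../etc/passwd)"},
        {"cell_type": "markdown", "source": '<img src="/home/ci/.ssh/id_rsa">'},
        {"cell_type": "markdown", "source": "![a](attachment:diagram.png)"},
        {"cell_type": "markdown", "source": "![enc](%2e%2e/%2e%2e/secrets.env)"},
        {"cell_type": "code", "source": "print('![not markdown](../../x)')"},
    ]
}
PNG_STUB = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(16)).decode("ascii")
PASSWD_STUB = base64.b64encode(
    b"root:x:0:0:root:/root:/bin/bash\nci:x:1000:1000::/home/ci:/bin/sh\n"
).decode("ascii")
SAMPLE_HTML = (
    f'<img src="data:image/png;base64,{PNG_STUB}" alt="plot">\n'
    f'<img src="data:application/octet-stream;base64,{PASSWD_STUB}" alt="x">\n'
)

if __name__ == "__main__":
    for finding in scan_notebook(SAMPLE_NOTEBOOK):
        print("notebook:", finding)
    for finding in scan_html(SAMPLE_HTML):
        print("html:", finding)
```

On the sample notebook the scan reports cells 1, 2 and 4 (traversal, absolute path, percent-encoded traversal) and ignores the attachment: reference and the code cell; on the sample HTML it reports the octet-stream data URI whose payload decodes to passwd lines and ignores the PNG. The same scan_notebook() check can run as a pre-conversion gate in a pipeline. Whether a given nbconvert version honors file: URLs is not something this page establishes, so those are reported for review rather than as confirmed hits, and the printable-ratio threshold is a heuristic to tune against your own output.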
Monitoring Recommendations
- Enable logging for nbconvert operations in production and CI/CD environments
- Set up alerts for file read operations from nbconvert processes accessing paths outside expected directories
- Periodically audit notebooks processed in shared environments for malicious content
- Monitor output HTML file sizes for anomalies that could indicate embedded sensitive data
How to Mitigate CVE-2026-39378
Immediate Actions Required
- Upgrade Jupyter nbconvert to version 7.17.1 or later immediately
- Review current nbconvert configurations and disable HTMLExporter.embed_images if not strictly required
- Audit existing notebooks processed in your environment for potential exploitation attempts
- Implement sandboxing or containerization for notebook conversion processes to limit file system access
Patch Information
The vulnerability is fixed in nbconvert version 7.17.1. The patch addresses the path traversal issue by implementing proper path validation and sanitization in the image embedding functionality. For detailed information about the fix, refer to the GitHub Release v7.17.1 and the GitHub Security Advisory GHSA-7jqv-fw35-gmx9.
To upgrade nbconvert using pip:
pip install --upgrade "nbconvert>=7.17.1"
(The quotes matter: unquoted, the shell treats >= as output redirection and pip never sees the version constraint.)
Workarounds
- Disable the HTMLExporter.embed_images configuration option; it is not enabled by default
- Run nbconvert processes in isolated containers with minimal file system access
- Implement preprocessing steps to scan and sanitize notebooks before conversion
- Use read-only file system mounts for sensitive directories when running nbconvert
# Configuration example - Ensure embed_images is disabled in your nbconvert config
# ~/.jupyter/jupyter_nbconvert_config.py (the file name nbconvert loads by default)
c.HTMLExporter.embed_images = False
# Or when running from command line, explicitly disable:
jupyter nbconvert --to html --HTMLExporter.embed_images=False notebook.ipynb
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.