Listen to this Post
CVE-2026-21883 is a vulnerability in the Bokeh interactive visualization library for Python, specifically affecting versions 3.8.1 and below . The flaw resides in the server’s `match_host` function within server/util.py, which is responsible for validating WebSocket connection origins against an administrator-defined allowlist (e.g., dashboard.corp) . The vulnerability arises because the validation logic uses Python’s `zip()` function to compare the hostname parts against the pattern. `zip()` stops iterating when the shortest list (the pattern) is exhausted, and the code fails to check if the host (the incoming Origin) has additional segments . An attacker can exploit this by registering a malicious domain that starts with the allowlisted pattern, such as `dashboard.corp.attacker.com` . When a victim visits the attacker’s site, the site’s JavaScript can initiate a WebSocket connection to the vulnerable Bokeh server . The server incorrectly validates the Origin header (e.g., http://dashboard.corp.attacker.com/`) because the initial segments match the allowlist, and the extra `.attacker.com` is ignored. This allows the attacker to perform Cross-Site WebSocket Hijacking (CSWSH), potentially accessing sensitive data or modifying visualizations on the victim's behalf . The issue is patched in Bokeh version 3.8.2 .CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Platform: Bokeh
Version: 3.8.1 and below
Vulnerability : Origin Validation Bypass
Severity: Medium
date: Jan 7 2026
<h2 style="color: blue;">Prediction: Patch already released (Jan 2026)</h2>
<h2 style="color: blue;">What Undercode Say:</h2>
<h2 style="color: blue;">Analytics</h2>
The vulnerability stems from improper hostname validation in the `match_host` function. The function fails to reject hostnames that are longer than the allowed pattern, effectively treating a subdomain of an allowed domain as valid. The CVSS 4.0 vector string is, indicating a network attack vector with low complexity, required user interaction, and high impact on confidentiality and integrity . Red Hat's analysis also assigns a CVSS 3.1 base score of 5.4 (Medium) . The vulnerability is cataloged under CWE-1385: Missing Origin Validation in WebSockets .
<h2 style="color: blue;">Bash Commands & Code</h2>
<h2 style="color: blue;">Check Current Bokeh Version:</h2>
pip show bokeh | grep Version
<h2 style="color: blue;">Upgrade to Patched Version (3.8.2 or later):</h2>
pip install --upgrade bokeh>=3.8.2
<h2 style="color: blue;">or using conda:</h2>
conda update bokeh
<h2 style="color: blue;">Verify Upgrade:</h2>
python -c "import bokeh; print(bokeh.__version__)"
<h2 style="color: blue;">Exploit</h2>
The attacker first sets up a malicious domain that is a superset of the target's allowlist, such astarget.com.evil.com. They then host a webpage with the following JavaScript, which attempts to connect to the vulnerable Bokeh server atwss://target.com/ws`:
let ws = new WebSocket("wss://target.com/ws");
ws.onopen = function() {
// Connection accepted due to flawed validation
ws.send("malicious command");
};
If the victim is authenticated to the Bokeh server, the attacker can now send commands through the established WebSocket connection, effectively operating with the victim’s privileges .
Protection from this CVE
- Upgrade Bokeh: Immediately update to Bokeh version 3.8.2 or later .
- Strict Reverse-Proxy Validation: Place the Bokeh server behind a reverse proxy (like Nginx) that performs its own strict `Host` and `Origin` header validation before forwarding traffic .
- Network Segmentation: If the Bokeh server is for internal use, ensure it is not exposed to the public internet and is only accessible via internal networks or VPNs .
- Implement Authentication: Use Bokeh’s authentication hooks to require user login before any WebSocket communication is allowed, which mitigates the risk of unauthorized interaction even if a connection is established .
Impact
A successful exploit allows an attacker to bypass the intended origin restrictions of a Bokeh server. This can lead to unauthorized access to sensitive data rendered by the server and the ability to modify or manipulate interactive visualizations . The attack requires user interaction (the victim must visit a malicious site) and only affects publicly deployed servers configured with an allowlist . It does not affect static HTML outputs, Jupyter notebooks, or servers on private networks .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

