Open Redirect Vulnerability in JupyterHub Software by Jupyter Project
CVE-2026-33709

5.1 MEDIUM

Key Information:

Vendor: Jupyterhub
CVE Published: 3 April 2026

What is CVE-2026-33709?

JupyterHub, a multi-user server for Jupyter notebooks, contains an open redirect vulnerability. An attacker can craft a misleading link that redirects users away from JupyterHub to an arbitrary site the attacker controls. A user who clicks the link is first directed to the JupyterHub login page, which then erroneously forwards them to the potentially harmful external website. The issue is resolved in JupyterHub 5.4.4.

Affected Version(s)

jupyterhub < 5.4.4

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
