{"id":"CVE-2026-5422","summary":"Path Traversal in jupyter/jupyter","details":"A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling directories with names starting with the same prefix as root_dir to bypass the check. Additionally, the to_os_path() function in utils.py does not strip \"..\" from path parts, enabling traversal sequences to bypass the vulnerable check. This vulnerability can lead to unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments.","aliases":["GHSA-gf7q-q4j7-hp7c"],"modified":"2026-07-09T22:26:41.192865218Z","published":"2026-06-02T09:11:15.755Z","related":["openSUSE-SU-2026:10972-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5422.json","cna_assigner":"@huntr_ai","cwe_ids":["CWE-23"]},"references":[{"type":"WEB","url":"https://huntr.com/bounties/24a36953-6490-466f-8cb2-a90d1ca56e0f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5422.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5422"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jupyter-server/jupyter_server","events":[{"introduced":"3b03c644b56cf100f4535f70e2e8f4a45a57a5b8"},{"last_affected":"3b03c644b56cf100f4535f70e2e8f4a45a57a5b8"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"2.17.0"},{"last_affected":"2.17.0"}],"cpe":"cpe:2.3:a:jupyter:jupyter_server:2.17.0:*:*:*:*:*:*:*"}}],"versions":["2.17.0","v2.17.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5422.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}