Skip to content

CVE lookup

CVE-2026-35397

Pruva has a verified reproduction for CVE-2026-35397: Jupyter Server: path traversal via faulty startswith() root containment check. The canonical evidence record is REPRO-2026-00153.

REPRO

REPRO-2026-00153

Package

jupyter-server · pip

Severity

HIGH

Status

published