Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Fedora 44 python-jupyter-server High CVE Fixes 2026-dd1d19e58b

fedora
Calendar Grey July 4, 2026
Dist Fedora Esm H88
Fixes high-severity security issue in Jupyter Server with improved vulnerabilities.
New version fixing high-severity CVE

Summary

The Jupyter Server provides the backend (i.e. the core services,

APIs, and REST endpoints) for Jupyter web applications like

Jupyter notebook, JupyterLab, and Voila.

Update Information:

New version fixing high-severity CVE. New version of jupyter-server fixing various security vulnerabilities.

Change Log

* Fri Jun 19 2026 Lumir Balhar - 2.20.0-1 - Update to 2.20.0 (rhbz#2489836) * Thu Jun 4 2026 Python Maint - 2.19.0-2 - Rebuilt for Python 3.15 * Mon Jun 1 2026 Lumir Balhar - 2.19.0-1 - Update to 2.19.0 (rhbz#2483209) * Mon May 11 2026 Lumir Balhar - 2.18.2-1 - Update to 2.18.2 (rhbz#2466683) * Tue May 5 2026 Lumir Balhar - 2.18.0-1 - Update to 2.18.0 (rhbz#2465646) * Tue Apr 14 2026 Tomáš Hrnčiar - 2.17.0-5 - Raise pytest upper bound to allow pytest 9 * Fri Mar 20 2026 Lumir Balhar - 2.17.0-4 - Ignore deprecation warnings from ptyprocess:pty to fix build with Python 3.15 alpha 7

References


[ 1 ] Bug #2484708 - CVE-2026-35397 python-jupyter-server: Jupyter Server: Unauthorized File Access via Path Traversal Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484708 [ 2 ] Bug #2484713 - CVE-2026-40934 python-jupyter-server: Jupyter Server: Authentication bypass due to unrotated cookie secret [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2484713 [ 3 ] Bug #2485374 - CVE-2026-6657 python-jupyter-server: jupyter-server: Arbitrary code execution due to CORS origin validation bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2485374

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-dd1d19e58b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
high
Lowest
Low
Medium
High
Critical

Name: python-jupyter-server
Product: Fedora 44
Version: 2.20.0
Release: 1.fc44
Summary: The backend for Jupyter web applications

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here