GHSA-37w4-hwhx-4rc4
Severity
High (CVSS 8.8)

JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

Published
May 5, 2026
Last Modified
May 21, 2026

🔗 CVE IDs covered (1)

📋 Description

The allow-list of extensions that can be installed from the PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.7: the policy is applied to what the GUI lists, but not by the install API, so a user can still install an extension of their choice via a POST request. The PyPI Extension Manager was also not limited to packages listed on the default PyPI index.

This has security implications for deployments that:

- have allow-listed specific extensions with the aim of preventing users from installing arbitrary packages
- have the kernel and terminals disabled or delegated to remote hosts (so there is otherwise no way to install packages in the single-user server environment)
- are multi-tenant and not configured for untrusted users (as documented by JupyterHub: https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html)
- have the (default) PyPI Extension Manager enabled

### Impact

An authenticated attacker, such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment, can escalate their privileges by installing an extension that the allow-list was meant to block. This might allow data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.

### Patches

JupyterLab [`v4.5.7`](https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7) contains the patch. Users of applications that depend on JupyterLab, such as Notebook v7+, should update the `jupyterlab` package too.

### Workarounds

Switch to the read-only extension manager by adding the following command line option:

```bash
--LabApp.extension_manager=readonly
```

or the following traitlet:

```python
c.LabApp.extension_manager = 'readonly'
```

You can confirm that the read-only manager is in use from the GUI:

![Read-only extension manager shown in the JupyterLab GUI](https://github.com/user-attachments/assets/8016c809-633e-4ed0-a5bc-6bc4793caa0f)

Note: configuring a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability, because the allow-list is not what gates the install path on affected versions.
### References

- Allow-list configuration: https://jupyterlab.readthedocs.io/en/stable/user/extensions.html#listing-configuration
- JupyterHub web security: https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html
- Extension manager implementations: https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations
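The following audit script is an added example, not code from the JupyterLab project or from this advisory. It checks a single-user server against the two facts the advisory gives: the affected version range (4.0.0 up to and including 4.5.6, fixed in 4.5.7) and the only effective workaround (`LabApp.extension_manager = 'readonly'`). It parses a traitlets-style `jupyter_lab_config.py` with `ast` rather than importing it, so it runs offline and never executes the config. Assumptions: an unset `extension_manager` is treated as `pypi` because the advisory calls the PyPI manager the default; the owning class of `allowed_extensions_uris` is not fixed (the trait is matched on any class); the sample configs and their URLs are constructed.

```python
import ast
import re

# Affected range from the advisory: pip/jupyterlab >= 4.0.0, <= 4.5.6; patched in 4.5.7.
# Tuples carry a fourth element: 0 for a plain release, -1 for anything with a suffix
# (rc/dev/post), so "4.5.7rc1" sorts before the fixed release and is still flagged.
AFFECTED_MIN = (4, 0, 0, 0)
FIXED_IN = (4, 5, 7, 0)


def parse_version(version: str) -> tuple:
    """Reduce a version string to comparable numeric segments, e.g. '4.5.7rc1' -> (4, 5, 7, -1)."""
    match = re.match(r"(\d+(?:\.\d+)*)(.*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(p) for p in match.group(1).split("."))
    release = (release + (0, 0, 0))[:3]
    suffix = -1 if re.search(r"[A-Za-z]", match.group(2)) else 0
    return release + (suffix,)


def is_affected(version: str) -> bool:
    """True when the installed jupyterlab falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def traitlet_assignments(config_source: str) -> dict:
    """Collect `c.<Class>.<trait> = <literal>` assignments from a traitlets config file.

    Keys are 'Class.trait'. Values that are not Python literals are stored as None.
    The source is parsed, never executed.
    """
    found = {}
    for node in ast.walk(ast.parse(config_source)):
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        target = node.targets[0]
        if not (
            isinstance(target, ast.Attribute)
            and isinstance(target.value, ast.Attribute)
            and isinstance(target.value.value, ast.Name)
            and target.value.value.id == "c"
        ):
            continue
        key = f"{target.value.attr}.{target.attr}"
        try:
            found[key] = ast.literal_eval(node.value)
        except ValueError:
            found[key] = None
    return found


def audit(config_source: str, jupyterlab_version: str) -> list:
    """Return a list of findings for one single-user server; an empty list means nothing to do."""
    findings = []
    if not is_affected(jupyterlab_version):
        return findings
    findings.append(
        f"jupyterlab {jupyterlab_version} is in the affected range (>= 4.0.0, < 4.5.7); upgrade to 4.5.7"
    )
    settings = traitlet_assignments(config_source)
    # Assumption: the advisory calls the PyPI manager the default, so an unset trait means 'pypi'.
    manager = settings.get("LabApp.extension_manager", "pypi")
    if manager == "readonly":
        return findings  # the advisory's workaround is in place
    if manager != "pypi":
        findings.append(f"extension_manager={manager!r} is outside this advisory's scope; verify separately")
        return findings
    findings.append("LabApp.extension_manager is 'pypi': set it to 'readonly' until the server runs 4.5.7+")
    # Match the trait name on any owning class rather than assuming which class carries it.
    allow_lists = [k for k in settings if k.endswith(".allowed_extensions_uris")]
    if allow_lists:
        findings.append(
            f"{', '.join(allow_lists)} is set, but the allow-list is not enforced on affected "
            "versions and does not mitigate this issue on its own"
        )
    return findings


# Constructed sample configs. The LabServerApp class name for the allow-list is an assumption.
WEAK_CONFIG = """
c.LabServerApp.allowed_extensions_uris = {"https://config.example.org/extensions.json"}
c.LabApp.extension_manager = "pypi"
"""

HARDENED_CONFIG = """
c.LabServerApp.allowed_extensions_uris = {"https://config.example.org/extensions.json"}
c.LabApp.extension_manager = "readonly"
"""

if __name__ == "__main__":
    for label, cfg, version in [
        ("weak, unpatched", WEAK_CONFIG, "4.5.6"),
        ("hardened, unpatched", HARDENED_CONFIG, "4.5.6"),
        ("hardened, patched", HARDENED_CONFIG, "4.5.7"),
    ]:
        print(f"[{label}]")
        for finding in audit(cfg, version) or ["no findings"]:
            print("  -", finding)
```

Run it against each single-user server's config and installed `jupyterlab` version (for example the output of `pip show jupyterlab`). A config that only sets the allow-list is reported as insufficient, which is the case the advisory's note about PyPI proxies is warning about; only `readonly` or the upgrade clears the finding.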

🎯 Affected products (1)

  • pip/jupyterlab:>= 4.0.0, <= 4.5.6

🔗 References (6)