CVSS 7.5 HIGH Vulnerability

CVE-2026-40110: Jupyter Server has a CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat…


CVSS Score: 7.5
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-40110
Vendor: pip
Affected Product: jupyter-server
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Jupyter Server validates the Origin header against the allow_origin_pat configuration with re.match(). re.match() anchors only at the start of the string and puts no constraint on what follows, so a pattern written to admit only trusted.example.com also accepts any Origin value that merely begins with it. An attacker who controls a domain such as trusted.example.com.evil.com can therefore send Origin: http://trusted.example.com.evil.com/, pass the check, and have the server treat the attacker's page as an allowed cross-origin caller. The fix is to require the whole header value to match, with re.fullmatch() or an explicitly anchored pattern.

Impact: jupyter-server <= 2.17.0

Patches: fix commits 057869a327c46730afede3eab0ca2d2e3e74acea and 49b34392feaa97735b3b777e3baf8f22f2a14ed8

Workarounds: Wrap your allow_origin_pat value with ^ and $. If the pattern contains a top-level alternation (|), group it first, as in ^(?:pattern)$, otherwise the anchors apply only to the first and last alternatives.
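The following is an added example, not code from Jupyter Server or from the advisory: a simplified stand-in for the pre-fix re.match() check, the re.fullmatch() form the references point to, and the ^/$ workaround applied both literally and with the pattern grouped. SINGLE_PAT, ALT_PAT, the function names and the Origin values are all constructed for this example. It goes one step beyond the text by showing that a pattern with a top-level | wrapped in bare ^ and $ is still bypassable, and that a tightened pattern must also cover a legitimate origin's port.

```python
import re

# Constructed sample patterns (assumptions for this example, not values
# taken from any real deployment). SINGLE_PAT is what an operator would
# write intending to admit only trusted.example.com over http or https;
# ALT_PAT uses a top-level alternation, which matters for the workaround.
SINGLE_PAT = r"https?://trusted\.example\.com"
ALT_PAT = r"https://a\.example\.com|https://b\.example\.com"


def origin_allowed_vulnerable(origin: str, pattern: str) -> bool:
    """Simplified stand-in for the pre-fix check: re.match() anchors only
    at the start of the string, so anything after the match is ignored."""
    return re.match(pattern, origin) is not None


def origin_allowed_fullmatch(origin: str, pattern: str) -> bool:
    """Fixed check: re.fullmatch() requires the entire Origin value to match."""
    return re.fullmatch(pattern, origin) is not None


def naive_wrap(pattern: str) -> str:
    """The workaround taken literally: prepend ^ and append $.
    With a top-level | only the first and last alternatives get an anchor."""
    return f"^{pattern}$"


def grouped_wrap(pattern: str) -> str:
    """Safe form of the workaround: group the pattern before anchoring so the
    anchors cover every alternative, and end with \\Z rather than $, since $
    would also match just before a trailing newline."""
    return rf"^(?:{pattern})\Z"


def origin_allowed_wrapped(origin: str, pattern: str, wrap) -> bool:
    """Run the unchanged re.match() check against an operator-wrapped pattern."""
    return re.match(wrap(pattern), origin) is not None


def check_all(origin: str, pattern: str) -> dict:
    """Evaluate one Origin header value under each variant of the check."""
    return {
        "vulnerable": origin_allowed_vulnerable(origin, pattern),
        "fullmatch": origin_allowed_fullmatch(origin, pattern),
        "naive_wrap": origin_allowed_wrapped(origin, pattern, naive_wrap),
        "grouped_wrap": origin_allowed_wrapped(origin, pattern, grouped_wrap),
    }


if __name__ == "__main__":
    # Constructed Origin values: the advisory's bypass, a legitimate origin
    # with a port, and a bypass that survives the naive ^...$ wrapping.
    cases = [
        ("https://trusted.example.com", SINGLE_PAT),
        ("http://trusted.example.com.evil.com/", SINGLE_PAT),
        ("https://trusted.example.com:8888", SINGLE_PAT),
        ("https://a.example.com.evil.com", ALT_PAT),
        ("https://b.example.com", ALT_PAT),
    ]
    for origin, pat in cases:
        print(f"{origin!r:42} {check_all(origin, pat)}")
```

Run it directly to print the comparison. Two things to carry over: the anchored or fullmatch form has to cover the whole Origin value, scheme and port included, so an operator whose users reach the server at https://trusted.example.com:8888 must put the port in the pattern or they will be rejected once the check is tightened; and in jupyter_server_config.py the setting is c.ServerApp.allow_origin_pat.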

References:
https://github.com/jupyter-server/jupyter_server/pull/603
https://docs.python.org/3/library/re.html#re.fullmatch
https://docs.python.org/3/library/re.html#re.match

🎯 Known Indicators of Compromise

None. This is a logic flaw in origin validation with no known exploitation, and the values auto-extracted into this section on 2026-05-05 are not indicators of compromise: the two sha1 values are the fix commit hashes listed under Patches, the URLs are the advisory references, trusted.example.com and trusted.example.com.evil.com are the illustrative domains from the advisory text, and docs.python.org is the Python documentation host. If you need to hunt for abuse, the only signal is in the server's request logs: Origin values that begin with an allowed origin but continue with further host labels or a different port.
