Jupyter Nbconvert Path Traversal Vulnerability in HTML Exporter Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability that allows arbitrary file read has been identified in the Jupyter nbconvert tool, affecting versions from 6.5 up to, but not including, 7.17.1. When the HTML exporter's 'embed_images' option is enabled, the markdown renderer resolves image references in markdown cells against the local filesystem and inlines the file contents into the generated HTML as base64 data URIs. The renderer does not confine the referenced path to the notebook's directory, so an image reference whose path contains '..' segments traverses the filesystem and causes an unrelated file on the host to be read and embedded in the output. The exposure is therefore any workflow that converts notebooks from untrusted sources with this option enabled, for example a service that renders user-submitted notebooks to HTML.
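The following is an added illustration of the bug class described above, written for this page; it is not nbconvert's own code. It reimplements a minimal "embed images as base64 data URIs" step for markdown image references in two forms: a vulnerable version that joins the reference onto the notebook directory with no containment check, and a hardened version that resolves the path and refuses anything that lands outside that directory. The directory layout, file names ('logo.png', 'secret.txt') and markdown text are constructed for the demo.

```python
import base64
import mimetypes
import os
import re
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse

# Minimal markdown image syntax, ![alt](src); enough for the demo, not a full parser.
IMG_RE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)\)")


def _data_uri(path: str, name: str) -> str:
    """Read a file and return it as a data: URI (the embedding the advisory describes)."""
    with open(path, "rb") as f:
        payload = base64.b64encode(f.read()).decode("ascii")
    mime = mimetypes.guess_type(name)[0] or "application/octet-stream"
    return f"data:{mime};base64,{payload}"


def embed_images_vulnerable(markdown: str, notebook_dir: str) -> str:
    """Inline every image as a base64 data URI, resolving src relative to notebook_dir.
    The join has no containment check, so a src with '..' segments (or an absolute path)
    reads whatever file it points at. Illustrative of the bug class, not nbconvert's code."""
    def repl(m: re.Match) -> str:
        alt, src = m.group(1), m.group(2)
        path = os.path.join(notebook_dir, src)  # '../secret.txt' walks out of notebook_dir
        return f'<img alt="{alt}" src="{_data_uri(path, src)}">'
    return IMG_RE.sub(repl, markdown)


def resolve_inside(base: Path, src: str) -> Optional[Path]:
    """Return the real path for src only if it stays under base; None otherwise.
    resolve() follows symlinks, so a link inside base that points outside is rejected too."""
    if urlparse(src).scheme or os.path.isabs(src):
        return None  # remote URL, data: URI or absolute path: not ours to embed
    root = base.resolve()
    candidate = (root / src).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate


def embed_images_hardened(markdown: str, notebook_dir: str) -> str:
    """Same feature with the containment check: out-of-tree references are left as plain
    markdown, so nothing outside the notebook directory can end up in the HTML."""
    def repl(m: re.Match) -> str:
        alt, src = m.group(1), m.group(2)
        path = resolve_inside(Path(notebook_dir), src)
        if path is None or not path.is_file():
            return m.group(0)
        return f'<img alt="{alt}" src="{_data_uri(str(path), src)}">'
    return IMG_RE.sub(repl, markdown)


def demo() -> dict:
    """Constructed scenario: a notebook dir with one real image and a secret one level up."""
    logo = b"\x89PNG fake image bytes"
    secret = b"db_password=hunter2\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        nb_dir = root / "notebook"
        nb_dir.mkdir()
        (nb_dir / "logo.png").write_bytes(logo)
        (root / "secret.txt").write_bytes(secret)  # outside the notebook directory
        md = "![logo](logo.png)\n\n![leak](../secret.txt)\n"
        vuln_html = embed_images_vulnerable(md, str(nb_dir))
        safe_html = embed_images_hardened(md, str(nb_dir))
    secret_b64 = base64.b64encode(secret).decode("ascii")
    logo_b64 = base64.b64encode(logo).decode("ascii")
    return {
        "vulnerable_leaks_secret": secret_b64 in vuln_html,
        "hardened_leaks_secret": secret_b64 in safe_html,
        "hardened_embeds_logo": logo_b64 in safe_html,
        "hardened_keeps_reference": "![leak](../secret.txt)" in safe_html,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running the demo shows the vulnerable path embedding the contents of 'secret.txt' from outside the notebook directory, while the hardened path embeds only 'logo.png' and leaves the traversing reference untouched. The containment check compares fully resolved paths rather than looking for '..' in the string, which is why it also catches symlinks and absolute paths.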

Impact

Successful exploitation yields arbitrary file read on the host that performs the conversion, with a high confidentiality impact: any file readable by the converting process can be pulled into the exported HTML and is exfiltrated along with it. Because the file contents travel inside the HTML artifact, the attacker only needs to obtain the exported document, for example from a service that converts notebooks on their behalf.

Remediation

Upgrade to Jupyter nbconvert 7.17.1 or later, which addresses this vulnerability. Where upgrading is not immediately possible, keep the 'HTMLExporter.embed_images' option disabled; it is off by default and is only turned on explicitly, for example with '--HTMLExporter.embed_images=True' on the nbconvert command line or 'c.HTMLExporter.embed_images = True' in a jupyter_nbconvert_config.py. Until the upgrade is applied, do not enable it when converting notebooks from untrusted sources.
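The following is an added triage helper for the remediation steps above; it is not an nbconvert tool. It checks an nbconvert version string against the affected range stated on this page (6.5 up to, but not including, 7.17.1), looks up the installed nbconvert version when one is present, and inspects a Jupyter config for an explicit 'HTMLExporter.embed_images' setting in either the Python ('jupyter_nbconvert_config.py') or JSON ('jupyter_nbconvert_config.json') form. The sample config texts are constructed for the demo.

```python
import json
import re
from importlib import metadata
from typing import Optional

AFFECTED_FROM = (6, 5)    # first affected release, per the advisory
FIXED_IN = (7, 17, 1)     # first fixed release, per the advisory


def parse_version(version: str) -> tuple:
    """Turn '7.16.6' into (7, 16, 6). Parsing stops at the first non-numeric suffix,
    so '7.17.1rc1' compares as (7, 17, 1); treat pre-releases with care."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):
            break
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when 6.5 <= version < 7.17.1 (tuple comparison handles differing lengths)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def installed_nbconvert_version() -> Optional[str]:
    """Version of the nbconvert distribution in this environment, or None if absent."""
    try:
        return metadata.version("nbconvert")
    except metadata.PackageNotFoundError:
        return None


# Matches an explicit 'c.HTMLExporter.embed_images = True' in a Python config file.
PY_ENABLE_RE = re.compile(r"^\s*c\.HTMLExporter\.embed_images\s*=\s*True\b", re.M)


def embed_images_enabled(config_text: str, fmt: str) -> bool:
    """fmt is 'py' for jupyter_nbconvert_config.py or 'json' for jupyter_nbconvert_config.json.
    The Python check is a plain text match and will miss settings computed at runtime."""
    if fmt == "json":
        section = json.loads(config_text).get("HTMLExporter", {})
        return bool(section.get("embed_images", False))
    return bool(PY_ENABLE_RE.search(config_text))


def assess(version: str, embed_images_on: bool) -> str:
    """One-line verdict combining the version range and the option state."""
    if not is_affected(version):
        return "not affected: version outside 6.5 <= v < 7.17.1"
    if embed_images_on:
        return "vulnerable: affected version with HTMLExporter.embed_images enabled; upgrade to 7.17.1 or later"
    return "exposed if embed_images gets enabled: upgrade to 7.17.1 or later"


# Constructed sample configs for the demo.
SAMPLE_PY_CONFIG = "c = get_config()\nc.HTMLExporter.embed_images = True\n"
SAMPLE_JSON_CONFIG = '{"HTMLExporter": {"embed_images": true}}'


if __name__ == "__main__":
    installed = installed_nbconvert_version()
    print("installed nbconvert:", installed or "not installed")
    if installed:
        print(assess(installed, embed_images_enabled(SAMPLE_PY_CONFIG, "py")))
    for v in ("6.4.5", "6.5.0", "7.16.6", "7.17.1"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Point 'embed_images_enabled' at the real config files under the directories reported by 'jupyter --paths' to check a deployment; the JSON form is authoritative, the Python form is a best-effort text match.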

Added: Apr 21, 2026, 1:21 AM
Updated: Apr 21, 2026, 1:21 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.2
remediation: 7.9
relevance: 6.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.