CVE-2026-44727

Jupyter Server · Jupyter Server

A stored XSS vulnerability in Jupyter Server allows attackers to achieve remote code execution and gain full API authority via malicious notebook HTML payloads.

Executive summary

A critical stored Cross-Site Scripting (XSS) vulnerability in Jupyter Server allows for full kernel Remote Code Execution (RCE) and unauthorized API access.

Vulnerability

The nbconvert HTTP handlers fail to properly sanitize user-authored notebook HTML, enabling stored XSS that can be used to execute arbitrary code within the Jupyter kernel and gain full /api/* authority.

Business impact

A successful exploit grants an attacker the ability to execute code on the host server, leading to potential complete system compromise and data theft. Given the CVSS score of 9.3, the impact is severe, as it allows attackers to bypass security boundaries and gain persistent control over the Jupyter environment.

Remediation

Immediate Action: Upgrade to Jupyter Server version 2.20 or later, which ships the required sandbox directives and output sanitization.

Proactive Monitoring: Audit Jupyter notebook repositories for suspicious display_data outputs or embedded HTML/scripts that appear to interact with the API.

Compensating Controls: Use strict Content-Security-Policy (CSP) headers at the web server level to block unauthorized script execution until the patch is applied.
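A practical way to carry out the "Proactive Monitoring" item above is to scan notebook files for HTML outputs that embed scripts or reference the server's REST API. The following script is an added example written for this advisory; it is not part of Jupyter Server or nbconvert, and the indicator patterns are heuristics chosen here rather than a vendor-published signature set. The two notebook dictionaries are constructed samples, not real files.

```python
"""Audit .ipynb content for display_data / execute_result HTML outputs that
embed scripts or appear to interact with the Jupyter REST API (/api/*).

Added example for the advisory's monitoring recommendation. Not part of
Jupyter Server or nbconvert; the indicator list below is an assumption.
"""
import json
import re
import sys

# Heuristic indicators (assumption, not an official list): script tags,
# inline event handlers, javascript: URLs, srcdoc iframes, and references to
# the server's REST API path prefix.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "javascript_url": re.compile(r"javascript\s*:", re.IGNORECASE),
    "api_reference": re.compile(r"/api/[a-z]", re.IGNORECASE),
    "srcdoc_iframe": re.compile(r"<\s*iframe\b[^>]*\bsrcdoc\s*=", re.IGNORECASE),
}


def _as_text(value):
    """nbformat stores multiline text either as a str or as a list of str."""
    if isinstance(value, list):
        return "".join(value)
    return value if isinstance(value, str) else ""


def scan_notebook(nb: dict) -> list:
    """Return one finding per suspicious HTML output.

    Each finding is {"cell": <cell index>, "output": <output index>,
    "indicators": [<matched indicator names>]}.
    """
    findings = []
    for ci, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        for oi, out in enumerate(cell.get("outputs", [])):
            if out.get("output_type") not in ("display_data", "execute_result"):
                continue
            html = _as_text(out.get("data", {}).get("text/html"))
            if not html:
                continue
            hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
            if hits:
                findings.append({"cell": ci, "output": oi, "indicators": hits})
    return findings


def scan_file(path: str) -> list:
    """Load a notebook from disk and scan it."""
    with open(path, encoding="utf-8") as fh:
        return scan_notebook(json.load(fh))


# Constructed sample notebooks for demonstration (not real files).
BENIGN_NB = {
    "nbformat": 4,
    "nbformat_minor": 5,
    "cells": [
        {"cell_type": "markdown", "source": "# Quarterly report"},
        {
            "cell_type": "code",
            "source": "df",
            "outputs": [
                {
                    "output_type": "execute_result",
                    "data": {
                        "text/plain": "   a\n0  1",
                        "text/html": ["<table>\n", "<tr><td>1</td></tr>\n", "</table>"],
                    },
                }
            ],
        },
    ],
}

SUSPICIOUS_NB = {
    "nbformat": 4,
    "nbformat_minor": 5,
    "cells": [
        {"cell_type": "markdown", "source": "intro"},
        {
            "cell_type": "code",
            "source": "display(HTML(payload))",
            "outputs": [
                {
                    "output_type": "display_data",
                    "data": {
                        "text/html": '<div>ok</div><script>fetch("/api/status").then(r => r.json())</script>'
                    },
                }
            ],
        },
    ],
}


if __name__ == "__main__":
    # Usage: python audit_notebooks.py notebook1.ipynb notebook2.ipynb ...
    for path in sys.argv[1:]:
        for f in scan_file(path):
            print(f"{path}: cell {f['cell']} output {f['output']}: {', '.join(f['indicators'])}")
```

Run it over a checkout of a notebook repository and triage every hit by hand: rich outputs from plotting libraries legitimately contain script tags, so a match is a prompt for review, not a verdict. The patterns are deliberately broad; tighten them to your environment once you know which libraries produce HTML outputs there.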

Exploitation status

Public Exploit Available: No

Analyst recommendation

The risk of Remote Code Execution makes this vulnerability a top priority for any organization hosting Jupyter instances. Immediate patching is required to prevent attackers from leveraging this XSS flaw to gain full control over the Jupyter Server environment.