CVE-2026-44180

jupyter-server · enterprise_gateway

Jupyter Enterprise Gateway is vulnerable to an input validation bypass that allows kernels to run as root, potentially leading to container escapes and full cluster compromise.

Executive summary

A critical input validation vulnerability in Jupyter Enterprise Gateway allows attackers to bypass root restrictions, enabling container escapes and unauthorized access to underlying worker nodes.

Vulnerability

The application fails to properly enforce UID and GID restrictions for remote kernels. An unauthenticated attacker can submit a crafted KERNEL_UID or KERNEL_GID value to bypass security checks, executing kernels with root permissions within the host environment.

Business impact

Successful exploitation allows an attacker to break out of the containerized environment, gaining code execution on the underlying worker node. This can lead to the compromise of the entire Kubernetes cluster and all workloads running within it. With a CVSS score of 9.8, this flaw represents an extreme risk to cloud infrastructure security and sensitive data access.

Remediation

Immediate Action: Upgrade Jupyter Enterprise Gateway to version 3.3.0 or later to ensure root restriction logic is correctly enforced.

Proactive Monitoring: Monitor cluster logs for unusual kernel execution patterns or unexpected root-level processes originating from Jupyter containers.

Compensating Controls: Implement strict Pod Security Policies or Admission Controllers to prevent containers from running as root, even if the application logic is bypassed.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Infrastructure teams must treat this vulnerability with the highest priority. Upgrading to version 3.3.0 is essential to prevent container breakout scenarios that could jeopardize the entire cluster environment.