CVE-2026-44181
jupyter-server · enterprise_gateway
Jupyter Enterprise Gateway is vulnerable to Server Side Template Injection (SSTI), allowing unauthenticated attackers to execute arbitrary code and gain control over the Kubernetes cluster.
Executive summary
A critical Server Side Template Injection vulnerability in Jupyter Enterprise Gateway permits unauthenticated remote code execution and potential full compromise of the underlying Kubernetes cluster.
Vulnerability
The application is vulnerable to SSTI through environment variables used during the rendering of Kubernetes manifests. By injecting Jinja2 template expressions, an attacker can execute arbitrary Python code and OS commands, potentially stealing Kubernetes service account tokens to escalate privileges further.
Business impact
This vulnerability allows an attacker to achieve full remote code execution within the Enterprise Gateway service. By stealing Kubernetes secrets and service account tokens, an attacker can move laterally to compromise the entire Kubernetes cluster, including the deployment of privileged pods or hostPath volume mounts. With a CVSS score of 10.0, this represents the highest level of security risk.
Remediation
Immediate Action: Upgrade Jupyter Enterprise Gateway to version 3.3.0 or higher. Verify that all containerized instances are running the updated image.
Proactive Monitoring: Inspect Kubernetes audit logs for suspicious pod creation or modification activities. Monitor for anomalous processes executing within the Enterprise Gateway service containers.
Compensating Controls: Implement strict Kubernetes RBAC policies to limit the permissions of the service account used by the Enterprise Gateway. Use network policies to isolate the gateway from sensitive internal cluster services.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Given the critical nature of this vulnerability and the potential for full cluster takeover, immediate patching is required. Organizations should treat this as a top-tier security emergency and verify that all affected Jupyter Enterprise Gateway instances are updated to version 3.3.0 without delay.