CVE-2026-44182
CWE-74Published: July 16, 2026· Updated: Jul 16, 2026
Official Description
Jupyter Enterprise Gateway launches remote Jupyter Notebook kernels across distributed clusters like Apache Spark, Kubernetes, and Docker Swarm. In versions prior to 3.3.0, the server interpolates untrusted environment variables (e.g., KERNEL_XXX) into Kubernetes manifests without YAML-aware escaping, enabling YAML injection attacks. Attackers can inject new fields, overwrite critical fields (e.g., duplicate securityContext keys, where the last one prevails), and inject document boundaries (--- for new documents, ... for end-of-document) to generate multiple resources, potentially creating arbitrary types, such as privileged pods. The Jinja2 template for the Kubernetes manifest contains several kernel_xxx variables, such as kernel_working_dir that are used when rendering the manifest and are all vectors for YAML injection. This issue has been fixed in version 3.3.0.
Risk Analysis
This critical vulnerability in Jupyter Enterprise Gateway allows remote unauthenticated attackers to achieve arbitrary code execution and privilege escalation. The flaw is due to YAML injection when interpolating untrusted environment variables into Kubernetes manifests. With a CVSS score of 10.0, this vulnerability presents the highest possible risk to the confidentiality, integrity, and availability of affected clusters.
No public exploit is currently known for this vulnerability. However, given the nature of the flaw, it is remotely exploitable without authentication.
Update Jupyter Enterprise Gateway to version 3.3.0 or later. Review and harden configurations related to environment variable handling and Kubernetes manifest generation.
Technical Analysis
CVE-2026-44182 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
All References (2)
Quick Facts
Related CVEs (CWE-74)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-44182 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts