CVE-2026-44181: Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution

June 3, 2026

The environment variables (KERNEL_XXX) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI). By including Jinja2 template expressions it is possible to execution Python code and OS Commands in the Enterprise Gateway service. The code can use or steal the Kubernetes service account token, which can steal Kubernetes secrets and be used to fully compromise the Kubernetes cluster by scheduling a privileged pod or a pod with a hostPath volume mount.

References

github.com/advisories/GHSA-f49j-v924-fx9w
github.com/jupyter-server/enterprise_gateway/security/advisories/GHSA-f49j-v924-fx9w
nvd.nist.gov/vuln/detail/CVE-2026-44181

Code Behaviors & Features

Detect and mitigate CVE-2026-44181 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →