CVE-2026-42557: JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

May 6, 2026

JupyterLab’s HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with a pre-saved HTML cell output containing a deceptive button can trigger arbitrary JupyterLab commands - including arbitrary code execution - on a single user click, without any code being submitted for execution by the user.

References

github.com/advisories/GHSA-mqcg-5x36-vfcg
github.com/jupyterlab/jupyterlab
github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg
jupyterlab.readthedocs.io/en/latest/user/commands.html
nvd.nist.gov/vuln/detail/CVE-2026-42557

Code Behaviors & Features

Detect and mitigate CVE-2026-42557 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →