Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2026-44727
critical Nessus Plugin ID 322301
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20. (CVE-2026-44727)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.See Also
Plugin Details
Severity: Critical
ID: 322301
File Name: unpatched_CVE_2026_44727.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Misc.
Published: 6/24/2026
Updated: 6/24/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.6
CVSS v4
Risk Factor: Critical
Base Score: 9.3
Threat Score: 7.4
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CVSS Score Source: CVE-2026-44727
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:jupyter-server, cpe:/o:canonical:ubuntu_linux:25.10, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:canonical:ubuntu_linux:26.04:-:lts
Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 6/18/2026
Reference Information
CVE: CVE-2026-44727