A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_path() function within jupyter_server/services/contents/fileio.py. The check uses startswith(root) without appending a trailing path separator, allowing sibling directories with names starting with the same prefix as root_dir to bypass the check. Additionally, the to_os_path() function in utils.py does not strip ".." from path parts, enabling traversal sequences to bypass the vulnerable check. This vulnerability can lead to unauthorized read/write access to files in sibling directories, potentially exposing sensitive data in shared hosting environments.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-5422 is a path traversal vulnerability affecting Jupyter Server 2.17.0 that allows attackers to access files outside the intended root directory. The flaw stems from two critical validation failures: the _get_os_path() function uses a simple startswith() check without enforcing strict path boundaries, and the to_os_path() function fails to sanitize ".." sequences from path components. This means an attacker can craft requests to sibling directories or traverse upward in the filesystem hierarchy, potentially exposing sensitive notebooks, configuration files, and other data. Jupyter Server deployments are particularly at risk in multi-user or cloud environments where sandboxing is critical to isolating user workspaces.
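The boundary flaw described above, as an added example (not jupyter-server's code and not taken from this page): a simplified model of a prefix check with no trailing separator, next to a component-wise containment check. The root directory, the sample API paths and every function name are constructed for illustration, and paths are handled lexically with posixpath.

```python
import posixpath

ROOT = "/srv/notebooks/alice"  # constructed root_dir, assumption for this demo

def to_os_path_model(api_path, root=ROOT):
    """Model of a join that keeps '..' parts, as the description says."""
    parts = [p for p in api_path.strip("/").split("/") if p]
    return posixpath.join(root, *parts)

def weak_is_inside(os_path, root=ROOT):
    """Flawed pattern: string prefix test without a trailing separator."""
    return posixpath.normpath(os_path).startswith(root)

def strict_is_inside(os_path, root=ROOT):
    """Hardened pattern: compare whole path components, not characters.
    Lexical only; where the files exist, resolve symlinks first (realpath)."""
    root = posixpath.normpath(root)
    target = posixpath.normpath(os_path)
    return posixpath.commonpath([root, target]) == root

def has_dotdot(api_path):
    """Second layer: flag any '..' component before joining at all."""
    return ".." in api_path.replace("\\", "/").split("/")

# Constructed sample API paths: one benign, one sibling sharing the root's
# name prefix, one unrelated sibling, and the root itself.
SAMPLES = [
    "work/report.ipynb",
    "../alice-secrets/keys.txt",
    "../bob/notes.txt",
    "",
]

def compare(samples=SAMPLES):
    """Return (api_path, weak_result, strict_result, dotdot_flag) per sample."""
    rows = []
    for api_path in samples:
        os_path = to_os_path_model(api_path)
        rows.append((api_path, weak_is_inside(os_path),
                     strict_is_inside(os_path), has_dotdot(api_path)))
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Rows where the weak and strict results disagree are the sibling-prefix case; the same comparison can be run over logged request paths to find requests that the flawed check would have accepted.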
While this CVE maps to CWE-23 (Relative Path Traversal), it doesn't currently align with specific MITRE ATT&CK techniques in the standard framework, making traditional threat hunting difficult. However, Casky.ai's 754 mapped security skills enable detection of the underlying attack patterns through Claude's extended reasoning capabilities. Practitioners using Casky would identify suspicious behavior such as: unusual path resolution requests containing ".." sequences, access attempts to parent directories outside the notebook root, and anomalous file system queries that indicate directory escape attempts. By analyzing request patterns, file access logs, and path normalization failures, Casky helps security teams detect exploitation attempts before unauthorized file access occurs—critical for validating that their Jupyter deployments maintain proper isolation boundaries.
© 2026 Casky.AI, Inc. · AI Security Investigation