CVE-2026-42266 (GCVE-0-2026-42266)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:08 – Updated: 2026-05-21 00:41
VLAI?
Title
JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
Summary
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
Severity ?
8.8 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/jupyterlab/jupyterlab/security… | x_refsource_CONFIRM |
| https://github.com/jupyterlab/jupyterlab/releases… | x_refsource_MISC |
| https://jupyterhub.readthedocs.io/en/5.2.1/explan… | x_refsource_MISC |
| https://jupyterlab.readthedocs.io/en/latest/user/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jupyterlab | jupyterlab |
Affected:
>= 4.0.0, < 4.5.7
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T03:56:38.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "jupyterlab",
"vendor": "jupyterlab",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T00:41:24.140Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4"
},
{
"name": "https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7"
},
{
"name": "https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html"
},
{
"name": "https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations",
"tags": [
"x_refsource_MISC"
],
"url": "https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations"
}
],
"source": {
"advisory": "GHSA-37w4-hwhx-4rc4",
"discovery": "UNKNOWN"
},
"title": "JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42266",
"datePublished": "2026-05-13T15:08:49.846Z",
"dateReserved": "2026-04-26T11:53:27.706Z",
"dateUpdated": "2026-05-21T00:41:24.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42266",
"date": "2026-05-20",
"epss": "0.0007",
"percentile": "0.21225"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42266\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T16:16:47.017\",\"lastModified\":\"2026-05-21T02:16:33.527\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-88\"},{\"lang\":\"en\",\"value\":\"CWE-602\"}]}],\"references\":[{\"url\":\"https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42266\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T15:28:30.597649Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T15:28:48.878Z\"}}], \"cna\": {\"title\": \"JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.\", \"source\": {\"advisory\": \"GHSA-37w4-hwhx-4rc4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"jupyterlab\", \"product\": \"jupyterlab\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.5.7\"}]}], \"references\": [{\"url\": \"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\", \"name\": \"https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7\", \"name\": \"https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html\", \"name\": \"https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations\", \"name\": \"https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-602\", \"description\": \"CWE-602: Client-Side Enforcement of Server-Side Security\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-21T00:41:24.140Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42266\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-21T00:41:24.140Z\", \"dateReserved\": \"2026-04-26T11:53:27.706Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T15:08:49.846Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
bit-jupyterlab-2026-42266
Vulnerability from bitnami_vulndb
Published
2026-05-15 08:42
Modified
2026-05-21 06:12
Summary
JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
Details
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jupyterlab",
"purl": "pkg:bitnami/jupyterlab"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.5.7"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-42266"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:jupyter:jupyterlab:*:*:*:*:*:python:*:*"
],
"severity": "High"
},
"details": "jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.",
"id": "BIT-jupyterlab-2026-42266",
"modified": "2026-05-21T06:12:40.531Z",
"published": "2026-05-15T08:42:28.664Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42266"
}
],
"schema_version": "1.6.2",
"summary": "JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request."
}
FKIE_CVE-2026-42266
Vulnerability from fkie_nvd - Published: 2026-05-13 16:16 - Updated: 2026-05-21 02:16
Severity ?
Summary
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7."
}
],
"id": "CVE-2026-42266",
"lastModified": "2026-05-21T02:16:33.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-13T16:16:47.017",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4"
},
{
"source": "security-advisories@github.com",
"url": "https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html"
},
{
"source": "security-advisories@github.com",
"url": "https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
},
{
"lang": "en",
"value": "CWE-602"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-37W4-HWHX-4RC4
Vulnerability from github – Published: 2026-05-05 20:53 – Updated: 2026-05-21 00:41
VLAI?
Summary
JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
Details
The allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index.
This has security implications for deployments that: - have allow-listed specific extensions with aim to prevent users from installing packages - have the kernel and terminals disabled or delegated to remote hosts (thus no access to install packages in the single-user server environment) - have multi-tenant deployments that is not configured for untrusted users (as per documented on JupyterHub https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html) - have the (default) PyPI Extension Manager enabled
Impact
An authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.
Patches
JupyterLab v4.5.7 contains the patch.
Users of applications that depend on JupyterLab, such as Notebook v7+, should update jupyterlab package too.
Workarounds
Switch to read-only extension manager by adding the following command line option:
--LabApp.extension_manager=readonly
or the following traitlet:
c.LabApp.extension_manager = 'readonly'
You can confirm that the read-only manager is in use from GUI:
Note: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.
References
- allow-list https://jupyterlab.readthedocs.io/en/stable/user/extensions.html#listing-configuration
- https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html
- https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations
Severity ?
8.8 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.5.6"
},
"package": {
"ecosystem": "PyPI",
"name": "jupyterlab"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.5.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42266"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-88",
"CWE-602"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T20:53:18Z",
"nvd_published_at": "2026-05-13T16:16:47Z",
"severity": "HIGH"
},
"details": "The allow-list of extensions that can be installed from PyPI Extension Manager (`allowed_extensions_uris`) is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index.\n\nThis has security implications for deployments that:\n- have allow-listed specific extensions with aim to prevent users from installing packages\n- have the kernel and terminals disabled or delegated to remote hosts (thus no access to install packages in the single-user server environment)\n- have multi-tenant deployments that is not configured for untrusted users (as per documented on JupyterHub https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html)\n- have the (default) PyPI Extension Manager enabled\n\n### Impact\n\nAn authenticated attacker - such as a student in a shared JupyterHub environment or a user in a multi-tenant JupyterLab deployment - can escalate their privileges. This might allow for data exfiltration, lateral movement within the network, and persistent compromise of the server infrastructure.\n\n### Patches\n\nJupyterLab [`v4.5.7`](https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7) contains the patch.\n\nUsers of applications that depend on JupyterLab, such as Notebook v7+, should update `jupyterlab` package too.\n\n### Workarounds\n\nSwitch to read-only extension manager by adding the following command line option:\n\n```bash\n--LabApp.extension_manager=readonly\n```\n\nor the following traitlet:\n\n```python\nc.LabApp.extension_manager = \u0027readonly\u0027\n```\n\nYou can confirm that the read-only manager is in use from GUI:\n\n\u003cimg width=\"293\" height=\"293\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8016c809-633e-4ed0-a5bc-6bc4793caa0f\" /\u003e\n\nNote: configuration of a PyPI proxy with allow-listed packages is not sufficient to protect from this vulnerability.\n\n### References\n\n- allow-list https://jupyterlab.readthedocs.io/en/stable/user/extensions.html#listing-configuration\n- https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html\n- https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations",
"id": "GHSA-37w4-hwhx-4rc4",
"modified": "2026-05-21T00:41:39Z",
"published": "2026-05-05T20:53:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42266"
},
{
"type": "PACKAGE",
"url": "https://github.com/jupyterlab/jupyterlab"
},
{
"type": "WEB",
"url": "https://github.com/jupyterlab/jupyterlab/releases/tag/v4.5.7"
},
{
"type": "WEB",
"url": "https://jupyterhub.readthedocs.io/en/5.2.1/explanation/websecurity.html"
},
{
"type": "WEB",
"url": "https://jupyterlab.readthedocs.io/en/latest/user/extensions.html#extension-manager-implementations"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…