Security releases: JupyterLab v4.5.7 and Notebook v7.5.6

krassowski · April 30, 2026, 2:07pm

JupyterLab v4.5.7 and Notebook v7.5.6 are out on PyPI and conda-forge, including three security fixes:

CVE-2026-42266 GHSA-37w4-hwhx-4rc4 Allowlist for PyPI Extension Manager not correctly enforced, PyPI Extension Manager not limited to default PyPI index
CVE-2026-42557 GHSA-mqcg-5x36-vfcg Command linker attributes in HTML enable one-click command execution from untrusted content
CVE-2026-40171 GHSA-rch3-82jr-f9w9 Command linker attributes chained with help command enable one-click authentication token theft

Topic		Replies	Views
Three security advisories for JupyterLab and Notebook Security	0	532	January 20, 2024
Advisory on JupyterLab and Notebook 7 Security	0	152	August 28, 2024
Vulnerabilities in `tests` and `staging` directory in JupyterLab Python package JupyterLab	2	282	December 16, 2024
Security Advisory for Jupyter Server and Notebook packages Security	0	941	March 22, 2022
[ANN] Security Releases for Jupyter Server and Notebook Security	0	886	June 14, 2022