Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

CVE-2026-23528 → View on GitHub ↗ View on CVE.org ↗ View on NVD ↗

Description

Impact

When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard.

It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel.

In order for a user to be impacted they must be running Jupyter Lab locally on the default port (with the jupyter-server-proxy) and a Dask distributed cluster on the default port. Then they would need to click the link which would execute the malicious code.

Patches

This has been fixed in the 2026.1.0 release. All users should upgrade to this version.

Mitigations

There are no known workarounds for this bug. The only complete solution is to upgrade to a newer release of Dask. However, there are a few things you could do to reduce your risk.

It is possible to avoid code execution via Jupyter by uninstalling the jupyter-server-proxy and accessing the Dask dashboard directly at it's URL. However, it is still possible for an attacker to craft a URL that executes JavaScript in the user's browser in the Dask dashboard. Which is still a moderate vulnerability. Therefore we recommend all users upgrade to the latest Dask release.

Another potential mitigation is to ensure both Jupyter and the Dask dashboard are running on non-standard ports. While this doesn't resolve the problem it reduces the chance of this being exploited. If an attacker knew which ports you were using they could still craft a malicious URL, but it would require a more targeted attack.

Basic information

Type
reviewed
Severity
medium
Advisory on GitHub
Open advisory ↗
Repository advisory
Open repository advisory ↗
Source code
Browse source ↗
Published (advisory)
2026-01-16 16:58:16 UTC
Updated
2026-06-09 10:34:52 UTC
GitHub reviewed
2026-01-16 16:58:16 UTC
NVD published
2026-01-16

EPSS Score

Score Percentile
0.02% 3.78%

CVSS Scores

Base score Version Severity Vector
5.3 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L)
Exploitation conditions are straightforward and stable.
Attack requirements (AT:N)
No additional preconditions are required beyond normal reachability.
Privileges required (PR:N)
No privileges are required.
User interaction (UI:P)
A user has to participate (for example click/open/approve).
Vulnerable system confidentiality impact (VC:L)
Limited confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:L)
Limited integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:N)
No availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N)
No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N)
No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N)
No availability impact on subsequent systems.

Identifiers

Type Value
GHSA GHSA-c336-7962-wfj2 ↗
CVE CVE-2026-23528 ↗

CWEs

CWE id Name
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-250 Execution with Unnecessary Privileges

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem Package Vulnerable range First patched Vulnerable functions
pip distributed < 2026.1.0 2026.1.0

References

cvelogic Threat Intelligence