
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-23528: Dask Distributed: When 'Worker Not Found' Means 'Shell Found'


Vulnerability ID: CVE-2026-23528
CVSS Score: 5.3
Published: 2026-01-16

A classic reflected Cross-Site Scripting (XSS) vulnerability in Dask Distributed turns deadly when paired with Jupyter Lab. Because the error message for a non-existent worker is reflected without sanitization, an attacker can piggyback on the Jupyter origin to execute arbitrary Python code on the server.

TL;DR

Dask Distributed < 2026.1.0 reflects the worker hostname in error messages without sanitization. In Jupyter environments using jupyter-server-proxy, the proxied Dask dashboard is served from the same origin as Jupyter itself, so injected JavaScript runs with the victim's Jupyter session and can talk to the Jupyter API, upgrading a simple XSS into full Remote Code Execution (RCE).


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation)
  • CVSS v4.0: 5.3 (Medium); context dependent, High where the Jupyter conditions below hold
  • Attack Vector: Network (Reflected XSS)
  • Privileges Required: None (Victim interaction required)
  • User Interaction: Required (Phishing)
  • Exploit Status: PoC Available

Affected Systems

  • Dask Distributed < 2026.1.0
  • Jupyter Lab (when running dask-labextension)
  • jupyter-server-proxy environments
  • distributed: < 2026.1.0 (Fixed in: 2026.1.0)

Code Analysis

Commit: ab72092

Fix XSS in ProxyHandler by escaping worker hostname

--- a/distributed/http/proxy.py
+++ b/distributed/http/proxy.py
@@ -46,7 +47,7 @@
             worker = f"{self.host}:{port}"
             if not check_worker_dashboard_exits(self.scheduler, worker):
-                msg = "Worker <%s> does not exist" % worker
+                msg = f"Worker &lt;{html.escape(worker)}&gt; does not exist"
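Review bot: the `+` line calls `html.escape`, but no `import html` is visible in this hunk; the header shift from `-46` to `+47` suggests one line was added earlier in the file, presumably that import, which should be confirmed before merging. A second point on the same line: the hard-coded `&lt;`/`&gt;` make `msg` HTML-specific, so if the same string is also logged or returned as `text/plain` the entities will appear literally; keeping `msg` as plain text and escaping once at the point where it is rendered into HTML (or through an auto-escaping template) avoids that double role.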

Exploit Details

  • GHSA: Advisory containing the attack vector and PoC logic.

Mitigation Strategies

  • Input sanitization of all reflected parameters
  • Isolate proxied services to distinct subdomains (Origin Isolation)
  • Implement Content Security Policy (CSP) to restrict inline script execution
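An added example, not code from the distributed project: it contrasts the pre-fix and post-fix ways of building the "worker does not exist" message shown in commit ab72092 and layers an allow-list check on the reflected value as defense in depth. The helper names and the sample worker string are constructed for illustration.

```python
import html
import re

# Shape a legitimate Dask worker address takes: host:port (hypothetical allow-list).
_HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.\-]{1,253}):(?P<port>\d{1,5})$")


def vulnerable_message(worker: str) -> str:
    """Pre-fix behaviour: the hostname is interpolated verbatim into HTML."""
    return "Worker <%s> does not exist" % worker


def fixed_message(worker: str) -> str:
    """Post-fix behaviour: escape the value before interpolating it."""
    return f"Worker &lt;{html.escape(worker)}&gt; does not exist"


def is_plausible_worker(worker: str) -> bool:
    """Allow-list check: only a host:port shape with a valid port is accepted."""
    m = _HOST_PORT.match(worker)
    return m is not None and 1 <= int(m.group("port")) <= 65535


def safe_message(worker: str) -> str:
    """Escape on output and refuse to reflect values that fail the allow-list.

    Escaping alone already closes the XSS; the allow-list means malformed input
    is never echoed back at all, which also keeps logs and text responses clean.
    """
    if not is_plausible_worker(worker):
        return "Worker does not exist (invalid worker address)"
    return fixed_message(worker)


def contains_raw_markup(rendered: str) -> bool:
    """Crude detector: any raw '<' that could open a tag in the rendered text."""
    return re.search(r"<[A-Za-z/!]", rendered) is not None


if __name__ == "__main__":
    # Constructed sample: a worker name carrying (harmless) markup characters.
    tainted = "node1<b>x</b>:8787"
    print(vulnerable_message(tainted), contains_raw_markup(vulnerable_message(tainted)))
    print(fixed_message(tainted), contains_raw_markup(fixed_message(tainted)))
    print(safe_message(tainted))
```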

Remediation Steps:

  1. Identify environments running Dask Distributed alongside Jupyter Lab.
  2. Upgrade the 'distributed' Python package to version 2026.1.0 or later.
  3. Restart the Dask scheduler and Jupyter services.

Read the full report for CVE-2026-23528 on our website for more details including interactive diagrams and full exploit analysis.
