Exploit for Stored-XSS-leading-to-Remote-Code-Execution-Vulnerability-in-gpu-jupyter- CVE-2026-54527

Name: Exploit for Stored-XSS-leading-to-Remote-Code-Execution-Vulnerability-in-gpu-jupyter- CVE-2026-54527
Rating: 5 (6 reviews)
2026-06-30 | CVSS 6.5
## https://sploitus.com/exploit?id=4AD76066-A087-5285-97B9-4D3DEED95B77
# Stored XSS leading to Remote Code Execution Vulnerability in `gpu-jupyter`

A stored cross-site scripting (XSS) vulnerability leading to remote code execution (RCE) exists in the `gpu-jupyter` project version `Release-v1.9_cuda-12.6_ubuntu-24.04`.

[`gpu-jupyter`](https://github.com/iot-salzburg/gpu-jupyter) : GPU-accelerated JupyterLab with PyTorch, TensorFlow, and a rich data science toolstack for reproducible deep learning experiments. Docker Hub pulls: 505,000+.

The project pins a vulnerable version of `jupyterlab-git==0.51.0` in line `541` of the `.build/Dockerfile`. This version contains a stored XSS vulnerability (CVE-2026-54527) in the `PlainTextDiff.ts` component. The `createHeader()` method at line `221` passes Git filenames directly to `innerHTML` without sanitization when rendering diffs for renamed files in commit history. Since git allows arbitrary characters in filenames (including HTML/JavaScript), an attacker can craft a filename containing malicious JavaScript that executes when another user views the rename diff in the Git History tab.

Because gpu-jupyter runs JupyterLab as `root` with full kernel access, the XSS can escalate to Remote Code Execution by calling the Jupyter Kernel API from the browser context — starting a kernel and executing arbitrary OS commands on the server.

In the vulnerability replication environment, a Docker container running the same `jupyterlab-git==0.51.0` version as gpu-jupyter is used. A malicious git repository with a crafted rename commit triggers the XSS when viewing the diff.

**I triggered the XSS via the real UI path (Git History → click commit → click renamed file → diff renders) in a Docker container, resulting in an RCE as root.**

I put `PoC.py`, `setup_repo_linux.sh`, `Dockerfile`, and the validation video in this repository.

[`createHeader()` vulnerable code location in jupyterlab-git v0.51.0](https://github.com/jupyterlab/jupyterlab-git/blob/v0.51.0/src/components/diff/PlainTextDiff.ts#L221)

[`jupyterlab-git==0.51.0` pinned in gpu-jupyter .build/Dockerfile line 541](https://github.com/iot-salzburg/gpu-jupyter/blob/Release-v1.9_cuda-12.6_ubuntu-24.04/.build/Dockerfile#L541)

## Reproduction

```bash
# 1. Build Docker container (same jupyterlab-git version as gpu-jupyter)
docker build -t cve-2026-54527-poc .
docker run -d --name poc-jupyter -p 8888:8888 cve-2026-54527-poc

# 2. Run PoC (opens browser, triggers XSS via UI, demonstrates RCE)
python PoC.py

# 3. Verify RCE
docker exec poc-jupyter sh -c "cat /workspace/vuln-repo/pwned.txt"
# Output: RCE via CVE-2026-54527 at 2026-06-29T08:15:36.139Z
```

## PoC Output

```
[!!!] ALERT DIALOG VISIBLE: XSS_CVE-2026-54527
[!!!] XSS TRIGGERED VIA REAL UI PATH!

[!!!] RCE Results:
      HOST:64d57cfcd8ba          ← Docker container
      OS:Linux-6.6.87.2-microsoft-standard-WSL2-x86_64-with-glibc2.41
      USER:root
      ID:uid=0(root) gid=0(root) groups=0(root)
```