{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34052", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-25T15:29:04.746Z", "datePublished": "2026-04-03T22:04:10.519Z", "dateUpdated": "2026-04-06T18:59:04.966Z"}, "containers": {"cna": {"title": "LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "lang": "en", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj"}, {"name": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3"}], "affected": [{"vendor": "jupyterhub", "product": "ltiauthenticator", "versions": [{"version": "< 1.6.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:04:10.519Z"}, "descriptions": [{"lang": "en", "value": "LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3."}], "source": {"advisory": "GHSA-8mxq-7xr7-2fxj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T18:58:43.478477Z", "id": "CVE-2026-34052", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T18:59:04.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34052", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T18:58:43.478477Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T18:58:56.743Z"}}], "cna": {"title": "LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)", "source": {"advisory": "GHSA-8mxq-7xr7-2fxj", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "jupyterhub", "product": "ltiauthenticator", "versions": [{"status": "affected", "version": "< 1.6.3"}]}], "references": [{"url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj", "name": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3", "name": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-03T22:04:10.519Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34052", "state": "PUBLISHED", "dateUpdated": "2026-04-06T18:59:04.966Z", "dateReserved": "2026-03-25T15:29:04.746Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-03T22:04:10.519Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jupyter:lti_jupyterhub_authenticator:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD8F0C3C-6B43-4A7A-B3DE-8585DB1B5668", "versionEndExcluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3."}], "id": "CVE-2026-34052", "lastModified": "2026-04-13T17:44:00.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-03T23:17:03.777", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/jupyterhub/ltiauthenticator/releases/tag/1.6.3"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-8mxq-7xr7-2fxj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}, {"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.6.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "ltiauthenticator", "vendor": "jupyterhub"}], "analysis": {"en": {"generated_at": "2026-04-13T18:28:08.912195+00:00", "value": {"mitigation_remediation": ["Upgrade LTI JupyterHub Authenticator to version 1.6.3 or later"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via unbounded memory growth"}, "threat_synthesis": {"affected_systems": "JupyterHub developers ship the LTI Authenticator as the \"ltiauthenticator\" package. Versions prior to 1.6.3 are affected; any deployment using an earlier release with the same nonce handling logic is vulnerable. The patch was released with version 1.6.3, so systems running that or newer versions are not susceptible.", "description_and_impact": "The LTI JupyterHub Authenticator implements LTI 1.1 authentication and stores OAuth nonces in a class\u2011level dictionary. Each incoming request adds a nonce before signature validation, and the dictionary is never cleared. As a result, an attacker with knowledge of a valid consumer key can repeatedly issue requests using new nonces, causing the dictionary to grow without bounds and exhausting server memory. Once memory limits are reached the JupyterHub service will become unresponsive, effectively denying access to all users.", "risk_and_exploitability": "The CVSS score of 5.9 reflects a moderate severity. EPSS indicates a shooting\u2011star probability of less than 1 percent, and the vulnerability is not listed in the KEV catalog, suggesting exploitation opportunities are currently limited. The likely attack vector is remote, via crafted HTTP requests sent to the authenticator endpoint, and requires the attacker to possess a valid consumer key. Because the vulnerability only leads to a service denial rather than code execution, the impact is limited to availability degradation."}}}}, "created": "2026-04-06T21:22:15.232524+00:00", "updated": "2026-04-14T16:41:41.280660+00:00", "vendors": ["jupyterhub", "jupyterhub$PRODUCT$ltiauthenticator"]}