Home Embedded Vulns General Vulns

CVE-2026-34052

MEDIUM 5.9

Our Analysis: Environment Specific

Our model has classified this vulnerability as relevant to Environment Specific Systems, helping your team prioritize efforts effectively.

Published Date April 3, 2026
Last Modified April 3, 2026
CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3.

Potentially Affected Vendors