Dask Distributed: When 'Worker Not Found' Means 'Shell Found'
Jan 16, 2026
Executive Summary (TL;DR)
Dask Distributed < 2026.1.0 reflects the requested worker hostname in its "worker not found" error page without sanitization. In Jupyter environments that expose the Dask dashboard through `jupyter-server-proxy`, the error page is served from the Jupyter origin, so injected JavaScript can call the Jupyter API, upgrading a simple reflected XSS into full Remote Code Execution (RCE).
A classic reflected Cross-Site Scripting (XSS) vulnerability in Dask Distributed turns deadly when paired with Jupyter Lab. Because error messages for non-existent workers are not sanitized, attackers can piggyback on the Jupyter origin to execute arbitrary Python code on the server.
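The root cause described above, shown as an added illustrative example (not Dask's own code or its actual fix): the same "worker not found" page rendered unsafely and with HTML escaping, plus a small regression check that a defender can keep in a test suite. The `/info/worker/` route prefix is an assumed placeholder, not taken from Dask's documentation.

```python
import html
from urllib.parse import unquote

# Illustrative code, not Dask's own: the same error page rendered two ways.


def render_worker_not_found_unsafe(worker: str) -> str:
    """Vulnerable pattern: the requested worker name (taken from the URL) is
    interpolated into the HTML body verbatim, so any markup in it is rendered."""
    return f"<h1>Worker not found</h1><p>No worker named {worker}</p>"


def render_worker_not_found_safe(worker: str) -> str:
    """Hardened form: escape untrusted text before it reaches an HTML text node.
    quote=True also covers the case where the value later lands in an attribute."""
    return f"<h1>Worker not found</h1><p>No worker named {html.escape(worker, quote=True)}</p>"


def worker_from_path(path: str, prefix: str = "/info/worker/") -> str:
    """Extract and URL-decode the worker segment of a request path.
    The prefix is an assumed placeholder route, not Dask's documented one."""
    if not path.startswith(prefix):
        raise ValueError("not a worker info path")
    return unquote(path[len(prefix):].removesuffix(".html"))


def reflects_markup(rendered: str, untrusted: str) -> bool:
    """Regression check: True if untrusted input containing HTML-significant
    characters appears unescaped in the rendered page."""
    return any(c in untrusted for c in '<>"\'&') and untrusted in rendered


if __name__ == "__main__":
    # Constructed request path, not from any real log: a non-existent worker
    # whose name carries markup (URL-encoded "<b>nope</b>").
    name = worker_from_path("/info/worker/%3Cb%3Enope%3C%2Fb%3E.html")
    print(reflects_markup(render_worker_not_found_unsafe(name), name))  # True
    print(reflects_markup(render_worker_not_found_safe(name), name))    # False
```

Escaping closes the reflected-XSS sink; the origin-sharing that turns it into RCE under `jupyter-server-proxy` is a deployment property that escaping alone does not change, which is why the fixed Dask version matters in those environments.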
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| distributed (dask) | < 2026.1.0 | 2026.1.0 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-79 (Improper Neutralization of Input During Web Page Generation) |
| CVSS v4.0 | 5.3 (Medium); context-dependent, High in Jupyter deployments |
| Attack Vector | Network (Reflected XSS) |
| Privileges Required | None (Victim interaction required) |
| User Interaction | Required (Phishing) |
| Exploit Status | PoC Available |
CWE-79 definition: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.