CVE-2026-21883
📋 TL;DR
This vulnerability allows attackers to bypass Bokeh server allowlist protections via domain suffix matching. Attackers can register malicious domains that end with allowed domain names (e.g., dashboard.corp.attacker.com matching dashboard.corp) to hijack WebSocket connections. This affects organizations using Bokeh servers with allowlist configurations in versions 3.8.1 and below.
💻 Affected Systems
- Bokeh
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control over Bokeh visualizations, access sensitive data displayed in dashboards, modify or inject malicious content into business intelligence tools, and potentially pivot to internal systems.
Likely Case
Data exfiltration from Bokeh dashboards, unauthorized modification of visualizations, and potential session hijacking of users interacting with vulnerable servers.
If Mitigated
Limited impact with proper network segmentation, but still allows unauthorized WebSocket connections from malicious domains matching allowlist patterns.
🎯 Exploit Status
Exploitation requires registering a malicious domain that ends with an allowed domain name and tricking users to visit it. Technical details and proof-of-concept are publicly available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.8.2
Vendor Advisory: https://github.com/bokeh/bokeh/security/advisories/GHSA-793v-589g-574v
Restart Required: Yes
Instructions:
1. Upgrade Bokeh to version 3.8.2 or later using pip (quote the specifier so the shell does not treat > as a redirect): pip install --upgrade "bokeh>=3.8.2"
2. Restart all Bokeh server instances
3. Verify the fix by checking the version: python -c "import bokeh; print(bokeh.__version__)"
🔧 Temporary Workarounds
Disable allowlist or use strict matching
Remove --allow-websocket-origin configurations or implement strict domain matching at the application layer
Remove --allow-websocket-origin flags from Bokeh server startup commands
Network isolation
Restrict Bokeh server access to trusted networks only using firewall rules (the ACCEPT rule must be appended before the DROP rule):
iptables -A INPUT -p tcp --dport <bokeh_port> -s <trusted_network> -j ACCEPT
iptables -A INPUT -p tcp --dport <bokeh_port> -j DROP
🧯 If You Can't Patch
- Implement reverse proxy with strict Origin header validation
- Use network segmentation to isolate Bokeh servers from untrusted networks
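The strict Origin validation these two workarounds call for, shown as an added illustration that is not Bokeh's own code: a weak host match that accepts any host beginning with an allowlisted name (reproducing the dashboard.corp.attacker.com vs dashboard.corp case from the summary) beside an exact host:port comparison a reverse proxy or application layer could apply. The allowlist values are constructed examples in the HOST[:PORT] form the --allow-websocket-origin flag takes.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist (example values, not from any real deployment).
ALLOWLIST = ["dashboard.corp:5006", "bi.example.internal"]


def weak_host_match(origin: str, allowlist: List[str]) -> bool:
    """Illustrative weak check (not Bokeh's code): the origin passes when its
    host merely starts with an allowlisted name, so an attacker-registered
    dashboard.corp.attacker.com is accepted for the entry dashboard.corp."""
    host = urlsplit(origin).hostname or ""
    return any(host.startswith(entry.split(":")[0]) for entry in allowlist)


def normalize_origin(origin: str) -> Optional[Tuple[str, int]]:
    """Parse an Origin header into (lowercase host, port), or None when the
    value is missing, 'null', non-http(s), or carries a malformed port."""
    parts = urlsplit(origin or "")
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # non-numeric or out-of-range port
        return None
    return parts.hostname.lower(), port


def strict_origin_allowed(origin: str, allowlist: List[str]) -> bool:
    """Hardened check: the origin host must equal an entry's host exactly (no
    prefix or suffix matching); when the entry names a port, the origin's
    effective port must equal it as well. Unparseable origins are rejected."""
    norm = normalize_origin(origin)
    if norm is None:
        return False
    host, port = norm
    for entry in allowlist:
        entry_host, _, entry_port = entry.lower().partition(":")
        if host == entry_host and (not entry_port or entry_port == str(port)):
            return True
    return False


if __name__ == "__main__":
    for origin in ("http://dashboard.corp:5006", "https://dashboard.corp.attacker.com"):
        print(origin, "weak:", weak_host_match(origin, ALLOWLIST),
              "strict:", strict_origin_allowed(origin, ALLOWLIST))
```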
🔍 How to Verify
Check if Vulnerable:
Check whether the Bokeh version is 3.8.1 or below AND the server is started with an allowlist configuration (the --allow-websocket-origin flag)
Check Version:
python -c "import bokeh; print(bokeh.__version__)"
Verify Fix Applied:
Verify that the Bokeh version is 3.8.2 or higher, then confirm that WebSocket connections from origins that should be blocked are rejected
📡 Detection & Monitoring
Log Indicators:
- WebSocket connections from domains with suspicious suffixes matching allowlist patterns
- Multiple failed Origin validation attempts
Network Indicators:
- WebSocket traffic to Bokeh servers from unexpected domains
- DNS requests for domains ending with allowed domain patterns
SIEM Query:
websocket AND (origin CONTAINS '.attacker.' OR origin MATCHES '.*\.corp\.[^.]+\.com')