diff --git a/.changeset/cold-pillows-grow.md b/.changeset/cold-pillows-grow.md
new file mode 100644
index 00000000..a60c8b88
--- /dev/null
+++ b/.changeset/cold-pillows-grow.md
@@ -0,0 +1,5 @@
+---
+"@e2b/code-interpreter-template": patch
+---
+
+Pin `jupyter-server` `root_dir` to `/home/user` so session creation keeps working with jupyter-server 2.18.0's path-traversal hardening
diff --git a/template/jupyter_server_config.py b/template/jupyter_server_config.py
index 5400d8fe..663682cc 100644
--- a/template/jupyter_server_config.py
+++ b/template/jupyter_server_config.py
@@ -3,6 +3,19 @@
 c = get_config()  # noqa
 
 
+# Pin the contents root directory.
+#
+#         Sessions are created with a relative path (a bare uuid, see
+#         server/contexts.py). Without an explicit root_dir, jupyter-server
+#         inherits the process working directory as its root — which is "/"
+#         under systemd (jupyter.service has no WorkingDirectory). Since
+#         jupyter-server 2.18.0 (CVE-2026-35397 path-traversal hardening), a
+#         root_dir of "/" makes every POST /api/sessions fail with
+#         "<uuid> is outside root contents directory", so the server never
+#         starts. Pinning it to /home/user matches the execution cwd.
+c.ServerApp.root_dir = "/home/user"
+
+
 # Set the Access-Control-Allow-Origin header
 #
 #          Use '*' to allow any origin to access your server.
diff --git a/template/requirements.txt b/template/requirements.txt
index 7e7e47ea..3fbb9865 100644
--- a/template/requirements.txt
+++ b/template/requirements.txt
@@ -1,5 +1,5 @@
 # Jupyter server requirements
-jupyter-server==2.16.0
+jupyter-server==2.18.0
 ipykernel==6.31.0
 ipython==9.14.0