7.1

CVE-2026-4519

webbrowser.open() allows leading dashes in URLs

The webbrowser.open() API would accept leading dashes in the URL which 
could be handled as command line options for certain web browsers. New 
behavior rejects leading dashes. Users are recommended to sanitize URLs 
prior to passing to webbrowser.open().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version < 3.13.13
PythonPython Version >= 3.14.0 < 3.14.4
PythonPython Version3.15.0 Updatealpha1
PythonPython Version3.15.0 Updatealpha2
PythonPython Version3.15.0 Updatealpha3
PythonPython Version3.15.0 Updatealpha4
PythonPython Version3.15.0 Updatealpha5
PythonPython Version3.15.0 Updatealpha6
PythonPython Version3.15.0 Updatealpha7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.224
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cna@python.org 7 0 0
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.1 1.6 5.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

https://github.com/python/cpython/pull/143931
Patch
Issue Tracking
https://github.com/python/cpython/issues/143930
Patch
Issue Tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/03/20/1
Third Party Advisory
Mailing List
https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866
Patch
https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b
Patch
https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76
Patch
https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5
Patch
https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03
Patch
https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48
Patch
https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd
Patch
https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e
Patch
https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1
Patch
https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4
Patch
https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c
Patch
https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932
Patch
https://access.redhat.com/errata/RHSA-2026:7329
https://access.redhat.com/errata/RHSA-2026:7335
https://access.redhat.com/errata/RHSA-2026:8747
https://access.redhat.com/errata/RHSA-2026:8746
https://access.redhat.com/errata/RHSA-2026:8748
https://access.redhat.com/errata/RHSA-2026:10065
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:10140
https://access.redhat.com/errata/RHSA-2026:10141
https://access.redhat.com/errata/RHSA-2026:10101
https://access.redhat.com/errata/RHSA-2026:10102
https://access.redhat.com/errata/RHSA-2026:10111
https://access.redhat.com/errata/RHSA-2026:19019
https://access.redhat.com/errata/RHSA-2026:19064
https://access.redhat.com/errata/RHSA-2026:19175
https://access.redhat.com/errata/RHSA-2026:19176
https://access.redhat.com/errata/RHSA-2026:19177
https://access.redhat.com/errata/RHSA-2026:19216
https://access.redhat.com/errata/RHSA-2026:6016
https://access.redhat.com/errata/RHSA-2026:6035
https://access.redhat.com/errata/RHSA-2026:6256
https://access.redhat.com/errata/RHSA-2026:6281
https://access.redhat.com/errata/RHSA-2026:6283
https://access.redhat.com/errata/RHSA-2026:6285
https://access.redhat.com/errata/RHSA-2026:6286
https://access.redhat.com/errata/RHSA-2026:6473
https://access.redhat.com/errata/RHSA-2026:6766
https://access.redhat.com/errata/RHSA-2026:7010
https://access.redhat.com/errata/RHSA-2026:7244
https://access.redhat.com/errata/RHSA-2026:7443
https://access.redhat.com/errata/RHSA-2026:7661
https://access.redhat.com/errata/RHSA-2026:9042
https://access.redhat.com/errata/RHSA-2026:9260
https://access.redhat.com/errata/RHSA-2026:9261
https://access.redhat.com/errata/RHSA-2026:9262
https://access.redhat.com/errata/RHSA-2026:9289
https://access.redhat.com/errata/RHSA-2026:9354
https://access.redhat.com/errata/RHSA-2026:9386
https://access.redhat.com/errata/RHSA-2026:9387
https://access.redhat.com/errata/RHSA-2026:9591
https://access.redhat.com/errata/RHSA-2026:9614
https://access.redhat.com/errata/RHSA-2026:9621
https://access.redhat.com/errata/RHSA-2026:9705
https://access.redhat.com/errata/RHSA-2026:9745
https://access.redhat.com/security/cve/CVE-2026-4519
https://bugzilla.redhat.com/show_bug.cgi?id=2449649
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json