7.1
CVE-2026-4786
- EPSS 0.29%
- Veröffentlicht 13.04.2026 21:52:19
- Zuletzt bearbeitet 06.07.2026 13:17:02
- Quelle cna@python.org
- CVE-Watchlists
- Unerledigt
Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux Server Optional (v. 7 ELS)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Middleware Containers for OpenShift
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream TUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.9.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream E4S (v.9.2)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v.9.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AppStream (v. 9)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS (v. 8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS AUS (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS AUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS E4S (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS TUS (v.8.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS E4S (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS TUS (v.8.8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS E4S (v.9.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS E4S (v.9.2)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS EUS (v.9.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux BaseOS (v. 9)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CRB (v. 8)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat CodeReady Linux Builder EUS (v.9.4)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat CodeReady Linux Builder EUS (v.9.6)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat AI Inference Server 3.2
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat AI Inference Server 3.3
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux AI 3.3
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Hardened Images
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Update Infrastructure 5
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Enterprise Linux 8
Default Statusaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@python.org | 7 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.1 | 1.6 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
https://github.com/python/cpython/pull/148170
https://github.com/python/cpython/issues/148169
https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
https://access.redhat.com/errata/RHSA-2026:11768
https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/errata/RHSA-2026:10140
https://access.redhat.com/errata/RHSA-2026:10141
https://access.redhat.com/errata/RHSA-2026:19019
https://access.redhat.com/errata/RHSA-2026:19064
https://access.redhat.com/errata/RHSA-2026:19175
https://access.redhat.com/errata/RHSA-2026:19176
https://access.redhat.com/errata/RHSA-2026:19177
https://access.redhat.com/errata/RHSA-2026:19216
https://access.redhat.com/errata/RHSA-2026:10117
https://access.redhat.com/errata/RHSA-2026:10711
https://access.redhat.com/errata/RHSA-2026:10745
https://access.redhat.com/errata/RHSA-2026:10774
https://access.redhat.com/errata/RHSA-2026:10949
https://access.redhat.com/errata/RHSA-2026:10950
https://access.redhat.com/errata/RHSA-2026:11062
https://access.redhat.com/errata/RHSA-2026:11077
https://access.redhat.com/errata/RHSA-2026:13692
https://access.redhat.com/errata/RHSA-2026:14652
https://access.redhat.com/errata/RHSA-2026:14653
https://access.redhat.com/errata/RHSA-2026:14656
https://access.redhat.com/errata/RHSA-2026:16699
https://access.redhat.com/errata/RHSA-2026:17525
https://access.redhat.com/errata/RHSA-2026:17619
https://access.redhat.com/errata/RHSA-2026:19549
https://access.redhat.com/errata/RHSA-2026:19570
https://access.redhat.com/errata/RHSA-2026:19571
https://access.redhat.com/errata/RHSA-2026:19576
https://access.redhat.com/errata/RHSA-2026:19590
https://access.redhat.com/errata/RHSA-2026:21682
https://access.redhat.com/errata/RHSA-2026:26187
https://access.redhat.com/errata/RHSA-2026:8822
https://access.redhat.com/errata/RHSA-2026:8824
https://access.redhat.com/errata/RHSA-2026:9228
https://access.redhat.com/errata/RHSA-2026:19589
https://access.redhat.com/errata/RHSA-2026:22144
https://access.redhat.com/errata/RHSA-2026:28247
https://access.redhat.com/errata/RHSA-2026:28581
https://access.redhat.com/security/cve/CVE-2026-4786
https://bugzilla.redhat.com/show_bug.cgi?id=2458049
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4786.json
https://access.redhat.com/errata/RHSA-2026:35838