VDB
RHSA-2026%3A19590
RHSA-2026%3A19590
PUBLISHED
CVSS 7.099999904632568 HIGH
A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | python3-tkinter-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-tkinter-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | platform-python-debug-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debugsource-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | platform-python-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-idle-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-idle-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-tkinter-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-0:3.6.8-39.el8_4.11.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-idle-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | platform-python-devel-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debugsource-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-test-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-0:3.6.8-39.el8_4.11.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-test-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debuginfo-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debuginfo-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-idle-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debugsource-0:3.6.8-39.el8_4.11.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
| Red Hat | python3-debuginfo-0:3.6.8-39.el8_4.11.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) | 3.6.8-39.el8 |
…and 56 more
Timeline
- May 20, 2026 CVE Published
- May 28, 2026 CVE Updated
- May 28, 2026 Distribution Patch
- May 28, 2026 Distribution Patch
- May 28, 2026 Security Advisory
- May 28, 2026 Security Advisory
- May 28, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:19590 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2457932 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2458049 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19590.json advisory
- https://access.redhat.com/security/cve/CVE-2026-4786 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-4786 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-4786 advisory
- https://github.com/python/cpython/issues/148169 advisory
- https://github.com/python/cpython/pull/148170 advisory
- https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ advisory
- https://access.redhat.com/security/cve/CVE-2026-6100 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-6100 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-6100 advisory
- https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d advisory
- https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2 advisory
- https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20 advisory
- https://github.com/python/cpython/issues/148395 advisory
- https://github.com/python/cpython/pull/148396 advisory
- https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/ advisory