VDB

TNCVE-2026-4786

TNCVE-2026-4786 PUBLISHED

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Timeline

  • Apr 13, 2026 CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›