CLSA-2026-1778087756

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1778087756

Upstream

CVE-2026-4519

CVE-2026-4786

Published

2026-05-06T17:16:04Z

Modified

2026-06-01T00:33:23.699028254Z

Summary

python3: Fix of 2 CVEs

Details

CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open()
CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check

References

https://errata.tuxcare.com/els_os/centos8.5els/CLSA-2026-1778087756.html

Affected packages

TuxCare:CentOS:8.5

platform-python

Package

Name: platform-python
Purl: pkg:rpm/tuxcare/platform-python?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

platform-python-debug

Package

Name: platform-python-debug
Purl: pkg:rpm/tuxcare/platform-python-debug?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

platform-python-devel

Package

Name: platform-python-devel
Purl: pkg:rpm/tuxcare/platform-python-devel?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

python3-devel

Package

Name: python3-devel
Purl: pkg:rpm/tuxcare/python3-devel?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

python3-idle

Package

Name: python3-idle
Purl: pkg:rpm/tuxcare/python3-idle?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

python3-libs

Package

Name: python3-libs
Purl: pkg:rpm/tuxcare/python3-libs?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

python3-test

Package

Name: python3-test
Purl: pkg:rpm/tuxcare/python3-test?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"

python3-tkinter

Package

Name: python3-tkinter
Purl: pkg:rpm/tuxcare/python3-tkinter?distro=centos-8.5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.8-42.el8.tuxcare.els19

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1778087756.json"