OESA-2026-2304

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2304

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2026-2304.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2026-2304

Upstream

CVE-2026-7246

Published

2026-05-15T14:00:20Z

Modified

2026-05-15T14:15:10.794052Z

Summary

python-click security update

Details

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box.

Security Fix(es):

Pallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function. The vulnerability allows attackers to inject arbitrary OS commands through unsanitized filename parameters in the click.edit() function. Attackers can exploit this vulnerability to execute malicious commands from an unprivileged account, potentially leading to complete system compromise.(CVE-2026-7246)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP4 / python-click

Package

Name: python-click
Purl: pkg:rpm/openEuler/python-click&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.4-2.oe2203sp4

Ecosystem specific

{
    "src": [
        "python-click-8.0.4-2.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "python-click-help-8.0.4-2.oe2203sp4.noarch.rpm",
        "python3-click-8.0.4-2.oe2203sp4.noarch.rpm"
    ]
}

Database specific

source

"https://repo.openeuler.org/security/data/osv/OESA-2026-2304.json"