PSF-0000-CVE-2026-4786

See a problem?

Import Source

https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-0000-CVE-2026-4786.json

JSON Data

https://api.osv.dev/v1/vulns/PSF-0000-CVE-2026-4786

Aliases

CVE-2026-4786
PSF-2026-17

Published

2026-04-13T21:52:19.036Z

Modified

2026-04-14T01:11:06.401329078Z

Summary

[none]

Details

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Database specific

{
    "cwe_ids": []
}

References

https://github.com/python/cpython/pull/148170
https://github.com/python/cpython/issues/148169
https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/

Affected packages

Git / github.com/python/cpython

Affected ranges

Type: GIT
Repo: https://github.com/python/cpython
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Database specific

source

"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-0000-CVE-2026-4786.json"