Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
"https://github.com/pypa/advisory-database/blob/main/vulns/click/PYSEC-2026-2132.yaml"