PT-2026-26624 · Python+2 · Cpython+2

An7Y +1 · Published 2026-01-01 · Updated 2026-05-19 · CVE-2026-4519

CVSS v4.0: 7.0 (High)

Vector: AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
CPython (affected versions not specified)

Description
The webbrowser.open() API accepted URLs with leading dashes, which certain web browsers could interpret as command-line options. This behavior has been modified to reject leading dashes. The issue involves the potential for command execution through crafted URLs passed to the webbrowser.open() function. The vulnerable component is the webbrowser.open() API; the vulnerable parameter is the URL passed to it.

Recommendations
Sanitize URLs prior to passing them to the webbrowser.open() function.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

ALSA-2026:19019
ALSA-2026:19064
ALSA-2026:19175
ALSA-2026:19176
ALSA-2026:19177
ALSA-2026:19216
ALSA-2026:6256
ALSA-2026:6281
ALSA-2026:6283
ALSA-2026:6285
ALSA-2026:6286
ALSA-2026:6473
ALSA-2026:6766
BDU:2026-07233
BIT-LIBPYTHON-2026-4519
BIT-PYTHON-2026-4519
BIT-PYTHON-MIN-2026-4519
CVE-2026-4519
ECHO-D547-7BAE-8442
OPENSUSE-SU-2026:10469-1
OPENSUSE-SU-2026:10477-1
OPENSUSE-SU-2026:10478-1
OPENSUSE-SU-2026:10479-1
OPENSUSE-SU-2026:10480-1
OPENSUSE-SU-2026:10481-1
OPENSUSE-SU-2026:20517-1
PSF-2026-14
RHSA-2026:10101
RHSA-2026:10102
RHSA-2026:10111
RHSA-2026:19064
RHSA-2026:19175
RHSA-2026:19177
RHSA-2026:19216
RHSA-2026:6016
RHSA-2026:6035
RHSA-2026:6256
RHSA-2026:6281
RHSA-2026:6283
RHSA-2026:6285
RHSA-2026:6286
RHSA-2026:6473
RHSA-2026:6766
RHSA-2026:7010
RHSA-2026:7244
RHSA-2026:7443
RHSA-2026:7661
RHSA-2026:9042
RHSA-2026:9260
RHSA-2026:9261
RHSA-2026:9262
RHSA-2026:9289
RHSA-2026:9354
RHSA-2026:9386
RHSA-2026:9387
RHSA-2026:9591
RHSA-2026:9614
RHSA-2026:9621
RHSA-2026:9705
RHSA-2026:9745
SUSE-SU-2026:1206-1
SUSE-SU-2026:1292-1
SUSE-SU-2026:1296-1
SUSE-SU-2026:1345-1
SUSE-SU-2026:1349-1
SUSE-SU-2026:1354-1
SUSE-SU-2026:1376-1
SUSE-SU-2026:1385-1
SUSE-SU-2026:1417-1
SUSE-SU-2026:1530-1
SUSE-SU-2026:21104-1
SUSE-SU-2026:21178-1
SUSE-SU-2026:21254-1

Affected Products

Cpython
Red Os
Rocky Linux