Pallets · Click · CVE-2026-7246
**Name of the Vulnerable Software and Affected Versions**
Pallets Click versions 8.3.2 and earlier
**Description**
A command injection issue exists in the `click.edit()` function, which allows an unprivileged account to execute arbitrary operating system commands.
**Recommendations**
Update to a version later than 8.3.2.
As a temporary workaround, consider restricting the use of the `click.edit()` function.
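One way to locate the call sites the workaround applies to, as an added example that is not part of the advisory or of the Click project: it lists every call in a Python source file that resolves to `click.edit()`, including aliased imports, and checks a version string against the affected range stated above. The helper names `is_affected` and `find_edit_calls` and the sample source are constructed for illustration.

```python
import ast
import re

AFFECTED_MAX = (8, 3, 2)  # from the advisory: 8.3.2 and earlier are affected

# Constructed sample source, not taken from any real project.
SAMPLE = '''\
import click as c
from click import edit as open_editor
def notes():
    return c.edit("draft")
def review(body):
    return open_editor(body)
def unrelated(doc):
    doc.edit("x")
'''

def is_affected(version):
    """True if the major.minor.patch part of a Click version is <= 8.3.2."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(g or 0) for g in m.groups()) <= AFFECTED_MAX

def find_edit_calls(source, filename="<src>"):
    """Return sorted (line, call text) pairs for calls that resolve to click.edit."""
    tree = ast.parse(source, filename)
    modules, funcs = set(), set()  # local names bound to click / click.edit
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.name == "click":
                    modules.add(a.asname or "click")
        elif isinstance(node, ast.ImportFrom) and node.module == "click":
            for a in node.names:
                if a.name == "edit":
                    funcs.add(a.asname or "edit")
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Name) and f.id in funcs) or (
            isinstance(f, ast.Attribute) and f.attr == "edit"
            and isinstance(f.value, ast.Name) and f.value.id in modules
        ):
            hits.append((node.lineno, ast.unparse(node)))
    return sorted(hits)

if __name__ == "__main__":
    print(find_edit_calls(SAMPLE))
```

The scan is static and per-file, so calls reached through re-exports or dynamic attribute lookup still need a manual check.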