PT-2026-32545 · Rocky Linux · Rocky Linux

An7Y +2 · Published 2026-04-13 · Updated 2026-06-12 · CVE-2026-4786

CVSS v4.0: 7.0 (High)

Vector: AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

The product name cannot be determined (affected versions not specified).

Description

An incomplete mitigation allows for a bypass when a URL contains the string "%action". For certain browser types, this can lead to command injection into the underlying shell via the webbrowser.open() function.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Command Injection


Weakness Enumeration

Related Identifiers

ALSA-2026:10711
ALSA-2026:10745
ALSA-2026:10774
ALSA-2026:10949
ALSA-2026:10950
ALSA-2026:11062
ALSA-2026:11077
ALSA-2026:19019
ALSA-2026:19064
ALSA-2026:19175
ALSA-2026:19176
ALSA-2026:19177
ALSA-2026:19216
BIT-LIBPYTHON-2026-4786
BIT-PYTHON-2026-4786
BIT-PYTHON-MIN-2026-4786
CVE-2026-4786
OESA-2026-2115
OESA-2026-2116
OESA-2026-2117
OPENSUSE-SU-2026:10647-1
OPENSUSE-SU-2026:10648-1
OPENSUSE-SU-2026:10667-1
PSF-2026-17
RHSA-2026:10117
RHSA-2026:10711
RHSA-2026:10745
RHSA-2026:10774
RHSA-2026:10949
RHSA-2026:10950
RHSA-2026:11062
RHSA-2026:11077
RHSA-2026:13692
RHSA-2026:14652
RHSA-2026:14653
RHSA-2026:14656
RHSA-2026:16699
RHSA-2026:17525
RHSA-2026:17619
RHSA-2026:19064
RHSA-2026:19177
RHSA-2026:19549
RHSA-2026:19570
RHSA-2026:19571
RHSA-2026:19576
RHSA-2026:19589
RHSA-2026:19590
RHSA-2026:21682
RHSA-2026:22144
RHSA-2026:8822
RHSA-2026:8824
RHSA-2026:9228
SUSE-SU-2026:2387-1

Affected Products

Rocky Linux