A command-line option injection vulnerability (CVE-2026-4519, CVSS 3.3 LOW) in Python's `webbrowser.open()` function allows crafted URLs to inject unintended arguments. The vulnerability affects Python versions prior to 3.13.13, versions 3.14.0 through 3.14.3, and version 3.15.0. The fix requires upgrading to Python version 3.13.13 or 3.14.4.
Red Hat Product Errata RHSA-2026:9262 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9262 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2449649 - CVE-2026-4519 python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVEs CVE-2026-4519 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM python3.9-3.9.16-1.el9_2.13.src.rpm SHA-256: 984035bf858c3618b7c8701003d3c120d77ad03c42f60b8eec548f8a5332cff5 x86_64 python-unversioned-command-3.9.16-1.el9_2.13.noarch.rpm SHA-256: 82684b7dff9e2432648f1ed5fb9a07deb6674450b92a3e361cd6e5a0a93a143a python3-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d667feed1eaf8b54a621ddb5ee363f1eeb2fc67443d2f84e65ac074677f7ac3a python3-devel-3.9.16-1.el9_2.13.i686.rpm SHA-256: f68117ff039fd0a71b6d679d8b4095a433d31fbfb8e330aa0c31f7b98d1e0c57 python3-devel-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 928e462c11dba41e8ff19dcb840f4fad25bf6c1e2fa9387d3e89ff723fd99486 python3-libs-3.9.16-1.el9_2.13.i686.rpm SHA-256: 6baa558ca81b1e29925d942fc0baeae0d073b31650d8289a0136e268dbcf920e python3-libs-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 9107625bc4cd3d5cc4ce628ea1309ae76cb45c933532e1ea6cf97ff5a82f128d python3-tkinter-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: b7c7cce0aacfb304eac47065420cec23bb24ed556bff6ac7788201c4368e54f8 python3.9-debuginfo-3.9.16-1.el9_2.13.i686.rpm SHA-256: 97f04f5c82bf13778f423ff129d6112fdc823cb711bc0eb1a5cbc6937efb32a9 python3.9-debuginfo-3.9.16-1.el9_2.13.i686.rpm SHA-256: 97f04f5c82bf13778f423ff129d6112fdc823cb711bc0eb1a5cbc6937efb32a9 python3.9-debuginfo-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 7ce89bc71e25316a4fc6889f64448fcb5a26d2ad19efc36f35229c4facdd2109 python3.9-debuginfo-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 7ce89bc71e25316a4fc6889f64448fcb5a26d2ad19efc36f35229c4facdd2109 python3.9-debugsource-3.9.16-1.el9_2.13.i686.rpm SHA-256: 44eace41640ef054e731f89ae55a52c73297814ad5556f4bc472c86c5fb49aa4 python3.9-debugsource-3.9.16-1.el9_2.13.i686.rpm SHA-256: 44eace41640ef054e731f89ae55a52c73297814ad5556f4bc472c86c5fb49aa4 python3.9-debugsource-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d5cdbba0f5cdc469bb502d14915c2a4b835971a24bc68a8d1996a689ac8b459e python3.9-debugsource-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d5cdbba0f5cdc469bb502d14915c2a4b835971a24bc68a8d1996a689ac8b459e Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM python3.9-3.9.16-1.el9_2.13.src.rpm SHA-256: 984035bf858c3618b7c8701003d3c120d77ad03c42f60b8eec548f8a5332cff5 ppc64le python-unversioned-command-3.9.16-1.el9_2.13.noarch.rpm SHA-256: 82684b7dff9e2432648f1ed5fb9a07deb6674450b92a3e361cd6e5a0a93a143a python3-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: 0348fe3c5592fe37057a0fcf702f3841224717b9f6688ff59abd5f2b9c239d68 python3-devel-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: ac7d900d1336ebca3cbe786dd5529c0fce74b5c1679d50fdb87b2867dd9f7b4a python3-libs-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: 616f8c59f304e78dddec85ebe27d36260f338915044692b0b461b22a49cb00b2 python3-tkinter-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: 08f4ddb3a4a18cc30e0cbd01619ae628b5bdfe18ead7fd3a3df3dfdf2b4fc01d python3.9-debuginfo-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: ae3dbfb8b6490885503665b0a517f4ae2f957db4d967c1a4e7c18f7be70f479b python3.9-debuginfo-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: ae3dbfb8b6490885503665b0a517f4ae2f957db4d967c1a4e7c18f7be70f479b python3.9-debugsource-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: 5eda5f9837500b44f4d5b3c60081ef052f851a89c5fbe3c76c12b46caac2c532 python3.9-debugsource-3.9.16-1.el9_2.13.ppc64le.rpm SHA-256: 5eda5f9837500b44f4d5b3c60081ef052f851a89c5fbe3c76c12b46caac2c532 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM python3.9-3.9.16-1.el9_2.13.src.rpm SHA-256: 984035bf858c3618b7c8701003d3c120d77ad03c42f60b8eec548f8a5332cff5 x86_64 python-unversioned-command-3.9.16-1.el9_2.13.noarch.rpm SHA-256: 82684b7dff9e2432648f1ed5fb9a07deb6674450b92a3e361cd6e5a0a93a143a python3-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d667feed1eaf8b54a621ddb5ee363f1eeb2fc67443d2f84e65ac074677f7ac3a python3-devel-3.9.16-1.el9_2.13.i686.rpm SHA-256: f68117ff039fd0a71b6d679d8b4095a433d31fbfb8e330aa0c31f7b98d1e0c57 python3-devel-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 928e462c11dba41e8ff19dcb840f4fad25bf6c1e2fa9387d3e89ff723fd99486 python3-libs-3.9.16-1.el9_2.13.i686.rpm SHA-256: 6baa558ca81b1e29925d942fc0baeae0d073b31650d8289a0136e268dbcf920e python3-libs-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 9107625bc4cd3d5cc4ce628ea1309ae76cb45c933532e1ea6cf97ff5a82f128d python3-tkinter-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: b7c7cce0aacfb304eac47065420cec23bb24ed556bff6ac7788201c4368e54f8 python3.9-debuginfo-3.9.16-1.el9_2.13.i686.rpm SHA-256: 97f04f5c82bf13778f423ff129d6112fdc823cb711bc0eb1a5cbc6937efb32a9 python3.9-debuginfo-3.9.16-1.el9_2.13.i686.rpm SHA-256: 97f04f5c82bf13778f423ff129d6112fdc823cb711bc0eb1a5cbc6937efb32a9 python3.9-debuginfo-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 7ce89bc71e25316a4fc6889f64448fcb5a26d2ad19efc36f35229c4facdd2109 python3.9-debuginfo-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: 7ce89bc71e25316a4fc6889f64448fcb5a26d2ad19efc36f35229c4facdd2109 python3.9-debugsource-3.9.16-1.el9_2.13.i686.rpm SHA-256: 44eace41640ef054e731f89ae55a52c73297814ad5556f4bc472c86c5fb49aa4 python3.9-debugsource-3.9.16-1.el9_2.13.i686.rpm SHA-256: 44eace41640ef054e731f89ae55a52c73297814ad5556f4bc472c86c5fb49aa4 python3.9-debugsource-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d5cdbba0f5cdc469bb502d14915c2a4b835971a24bc68a8d1996a689ac8b459e python3.9-debugsource-3.9.16-1.el9_2.13.x86_64.rpm SHA-256: d5cdbba0f5cdc469bb502d14915c2a4b835971a24bc68a8d1996a689ac8b459e Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM python3.9-3.9.16-1.el9_2.13.src.rpm SHA-256: 984035bf858c3618b7c8701003d3c120d77ad03c42f60b8eec548f8a5332cff5 aarch64 python-unversioned-command-3.9.16-1.el9_2.13.noarch.rpm SHA-256: 82684b7dff9e2432648f1ed5fb9a07deb6674450b92a3e361cd6e5a0a93a143a python3-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: 48653d89a5a7696c04adccd6c958291a246215ab5d09d34fc5a5e6ccd8c0def6 python3-devel-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: 6aba3ddcc043883dd312a6965503f140db82c60af87600d950a0508fa9630724 python3-libs-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: e9a677f88eaa25a639050e18c1fb70a82df0d627f5f681c57abff48806765a16 python3-tkinter-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: a60799cb8121fb85afb797b7342ab775cd344a5c06a42a98ce32b2b993fd5990 python3.9-debuginfo-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: 72afae8ee33e917e257807dbc30c4cba11421e4f3152dcb783c6c46c22648217 python3.9-debuginfo-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: 72afae8ee33e917e257807dbc30c4cba11421e4f3152dcb783c6c46c22648217 python3.9-debugsource-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: aa1504f95118610a3e8dc55faaeed79f79ff2ead13b09b3a4abf15833c38fc88 python3.9-debugsource-3.9.16-1.el9_2.13.aarch64.rpm SHA-256: aa1504f95118610a3e8dc55faaeed79f79ff2ead13b09b3a4abf15833c38fc88 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM python3.9-3.9.16-1.el9_2.13.src.rpm SHA-256: 984035bf858c3618b7c8701003d3c120d77ad03c42f60b8eec548f8a5332cff5 s390x python-unversioned-command-3.9.16-1.el9_2.13.noarch.rpm SHA-256: 82684b7dff9e2432648f1ed5fb9a07deb6674450b92a3e361cd6e5a0a93a143a python3-3.9.16-1.el9_2.13.s390x.rpm SHA-256: 8f88a77629e5521ad9098e44f0f00276626cc3a928e67c6c78ca9840fa9e3cc0 python3-devel-3.9.16-1.el9_2.13.s390x.rpm SHA-256: 72052dea9bfb38f9ab9c39782083dbf1143d6536e768d62530aca5a527a92118 python3-libs-3.9.16-1.el9_2.13.s390x.rpm SHA-256: 211e1887dfc5bd90369333700b8a22b9c066258de33015da5ce3ad15096af218 python3-tkinter-3.9.16-1.el9_2.13.s390x.rpm SHA-256: a64a84f3f503d1970d9a55c887d9b7d2dc7388d6e0acd62f90cbbfd55dc0e63a python3.9-debuginfo-3.9.16-1.el9_2.13.s390x.rpm SHA-256: e3fa3c2f570cd0124d1174be4e6ecd148f2160b9ea1e9e57e25938d8d37e4cb1 python3.9-debuginfo-3.9.16-1.el9_2