This advisory addresses CVE-2026-4519 (CVSS 3.3), a command-line option injection vulnerability in Python's `webbrowser.open()` function that can be triggered via crafted URLs. The NVD data indicates the vulnerability affects Python versions prior to 3.13.13, versions 3.14.0 through 3.14.3, and version 3.15.0. The fixed versions are Python 3.13.13 and 3.14.4.
Red Hat Product Errata RHSA-2026:9289 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9289 - Security Advisory Overview Updated Packages Synopsis Important: python3 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2449649 - CVE-2026-4519 python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVEs CVE-2026-4519 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM python3-3.6.8-51.el8_8.14.src.rpm SHA-256: 407e6726a2e1bb1229dab70fb2abee262413c8310837134f467307c7682b8dec x86_64 platform-python-3.6.8-51.el8_8.14.i686.rpm SHA-256: 7d2bdf36fcfe793f1d49ccd4a39e5a66625fbf0b2c97c0e4f78a96bf0c9f2021 platform-python-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7f9c8300e5b9396d13a5fbecea49ce77afaeb045cae6ce2caa23652b1e04ad55 platform-python-debug-3.6.8-51.el8_8.14.i686.rpm SHA-256: 90f5d9a883e54dd0fbb3be9420f3b8b94b9e634bf10c6b15e66e4a2124567b8d platform-python-debug-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7bb535fb86d23d70431ebf0e0712f34f1d3c5cff8f96a3e192022f2e99a8a7d7 platform-python-devel-3.6.8-51.el8_8.14.i686.rpm SHA-256: bbbd6ce674387cf1f2ef340610f52698e8c5346199b66e91c248ab9091e29dc6 platform-python-devel-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: fd71e6d41ac8dc85f2277604d7a6fd466a195da33556775b855f96bde5940a66 python3-debuginfo-3.6.8-51.el8_8.14.i686.rpm SHA-256: 6de443ba3859255189cd3c6772094705c9fcef9ba5aab5a9d498a392588589e7 python3-debuginfo-3.6.8-51.el8_8.14.i686.rpm SHA-256: 6de443ba3859255189cd3c6772094705c9fcef9ba5aab5a9d498a392588589e7 python3-debuginfo-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 4d8d4828887c1e4cd8bd0f0b72d5bb0b14aa0a1f29ed550e7821d46fa2c7fe3d python3-debuginfo-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 4d8d4828887c1e4cd8bd0f0b72d5bb0b14aa0a1f29ed550e7821d46fa2c7fe3d python3-debugsource-3.6.8-51.el8_8.14.i686.rpm SHA-256: ff079db96b479cc9ff2cbfbb1b06cf0fef12f0b6add9ce4ccc86e646db3d1e8a python3-debugsource-3.6.8-51.el8_8.14.i686.rpm SHA-256: ff079db96b479cc9ff2cbfbb1b06cf0fef12f0b6add9ce4ccc86e646db3d1e8a python3-debugsource-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 1e4917911bfe0be1d4646a45231eb49dffd9c9840fe741ade207124784fcde9b python3-debugsource-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 1e4917911bfe0be1d4646a45231eb49dffd9c9840fe741ade207124784fcde9b python3-idle-3.6.8-51.el8_8.14.i686.rpm SHA-256: dcff947a2dec1977eee2485c7c1e3032df9cbe03e7c83a210be3c1d39ec7e26e python3-idle-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 9baebe5ba5111e9b2d7372da5be11a9226e6d3a9d626243bf60a809a4639a978 python3-libs-3.6.8-51.el8_8.14.i686.rpm SHA-256: aad68b52b6b5b731910935efba7a691bacc7440edb71b0b7b5741bc451a2edc1 python3-libs-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 83cb4f89317b1bca44958287474085d706ee0c9f28b573ad992d8e3a1725a953 python3-test-3.6.8-51.el8_8.14.i686.rpm SHA-256: a509203404424e0f93ecc3f829ca3222cc3c39eb127dd9a5392c936e290e7ea3 python3-test-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 0fb10edd568c9b3ae527128fabdbb67216a914cce095286f702fdbbbc527adda python3-tkinter-3.6.8-51.el8_8.14.i686.rpm SHA-256: 098a2a3f31c3ff2a00afea6e43794df3eb11b62397b858d9f15c824623fdf5bb python3-tkinter-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: d2622058556c780e104233f44b3583948335c0429b58b48e5862ab37a7464579 Red Hat Enterprise Linux Server - TUS 8.8 SRPM python3-3.6.8-51.el8_8.14.src.rpm SHA-256: 407e6726a2e1bb1229dab70fb2abee262413c8310837134f467307c7682b8dec x86_64 platform-python-3.6.8-51.el8_8.14.i686.rpm SHA-256: 7d2bdf36fcfe793f1d49ccd4a39e5a66625fbf0b2c97c0e4f78a96bf0c9f2021 platform-python-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7f9c8300e5b9396d13a5fbecea49ce77afaeb045cae6ce2caa23652b1e04ad55 platform-python-debug-3.6.8-51.el8_8.14.i686.rpm SHA-256: 90f5d9a883e54dd0fbb3be9420f3b8b94b9e634bf10c6b15e66e4a2124567b8d platform-python-debug-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7bb535fb86d23d70431ebf0e0712f34f1d3c5cff8f96a3e192022f2e99a8a7d7 platform-python-devel-3.6.8-51.el8_8.14.i686.rpm SHA-256: bbbd6ce674387cf1f2ef340610f52698e8c5346199b66e91c248ab9091e29dc6 platform-python-devel-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: fd71e6d41ac8dc85f2277604d7a6fd466a195da33556775b855f96bde5940a66 python3-debuginfo-3.6.8-51.el8_8.14.i686.rpm SHA-256: 6de443ba3859255189cd3c6772094705c9fcef9ba5aab5a9d498a392588589e7 python3-debuginfo-3.6.8-51.el8_8.14.i686.rpm SHA-256: 6de443ba3859255189cd3c6772094705c9fcef9ba5aab5a9d498a392588589e7 python3-debuginfo-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 4d8d4828887c1e4cd8bd0f0b72d5bb0b14aa0a1f29ed550e7821d46fa2c7fe3d python3-debuginfo-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 4d8d4828887c1e4cd8bd0f0b72d5bb0b14aa0a1f29ed550e7821d46fa2c7fe3d python3-debugsource-3.6.8-51.el8_8.14.i686.rpm SHA-256: ff079db96b479cc9ff2cbfbb1b06cf0fef12f0b6add9ce4ccc86e646db3d1e8a python3-debugsource-3.6.8-51.el8_8.14.i686.rpm SHA-256: ff079db96b479cc9ff2cbfbb1b06cf0fef12f0b6add9ce4ccc86e646db3d1e8a python3-debugsource-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 1e4917911bfe0be1d4646a45231eb49dffd9c9840fe741ade207124784fcde9b python3-debugsource-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 1e4917911bfe0be1d4646a45231eb49dffd9c9840fe741ade207124784fcde9b python3-idle-3.6.8-51.el8_8.14.i686.rpm SHA-256: dcff947a2dec1977eee2485c7c1e3032df9cbe03e7c83a210be3c1d39ec7e26e python3-idle-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 9baebe5ba5111e9b2d7372da5be11a9226e6d3a9d626243bf60a809a4639a978 python3-libs-3.6.8-51.el8_8.14.i686.rpm SHA-256: aad68b52b6b5b731910935efba7a691bacc7440edb71b0b7b5741bc451a2edc1 python3-libs-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 83cb4f89317b1bca44958287474085d706ee0c9f28b573ad992d8e3a1725a953 python3-test-3.6.8-51.el8_8.14.i686.rpm SHA-256: a509203404424e0f93ecc3f829ca3222cc3c39eb127dd9a5392c936e290e7ea3 python3-test-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 0fb10edd568c9b3ae527128fabdbb67216a914cce095286f702fdbbbc527adda python3-tkinter-3.6.8-51.el8_8.14.i686.rpm SHA-256: 098a2a3f31c3ff2a00afea6e43794df3eb11b62397b858d9f15c824623fdf5bb python3-tkinter-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: d2622058556c780e104233f44b3583948335c0429b58b48e5862ab37a7464579 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM python3-3.6.8-51.el8_8.14.src.rpm SHA-256: 407e6726a2e1bb1229dab70fb2abee262413c8310837134f467307c7682b8dec ppc64le platform-python-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: c0e0da5124beb7a09b248be94417bbc325c80c395695ab24197c567f5d9b3058 platform-python-debug-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: 8cf51acb61371386337d5ee5371aec6072866cf3783e2063674796f2f7a45451 platform-python-devel-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: b4c245b2fee2a712ec58b90bd7d358f8547df1735577ff57a8f6f67997bed044 python3-debuginfo-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: 90446dc214b595185337f2faf80ff204e270624c78c5b38b4c8f1713b09d5578 python3-debuginfo-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: 90446dc214b595185337f2faf80ff204e270624c78c5b38b4c8f1713b09d5578 python3-debugsource-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: 0186a3298542d7e08b2f4621756ce7d66b62064f231aaf961916ab3580539be9 python3-debugsource-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: 0186a3298542d7e08b2f4621756ce7d66b62064f231aaf961916ab3580539be9 python3-idle-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: c9422757b9930b51dd73831612cab9918dd3d93ef3f19636e08588777e44d0c3 python3-libs-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: c988af77b0ad21f10d22b9484d3baf3d1426b5475917f9254f1e1da119bb0fd6 python3-test-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: e68bf9ed1f5b86a662c493893918567ef616ce1b82be07d5f5f421d09fbc25bb python3-tkinter-3.6.8-51.el8_8.14.ppc64le.rpm SHA-256: c48b2816c5031aaaca6dd467d7d42ca3d525a63166590a625c8c134b4e5a95ec Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM python3-3.6.8-51.el8_8.14.src.rpm SHA-256: 407e6726a2e1bb1229dab70fb2abee262413c8310837134f467307c7682b8dec x86_64 platform-python-3.6.8-51.el8_8.14.i686.rpm SHA-256: 7d2bdf36fcfe793f1d49ccd4a39e5a66625fbf0b2c97c0e4f78a96bf0c9f2021 platform-python-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7f9c8300e5b9396d13a5fbecea49ce77afaeb045cae6ce2caa23652b1e04ad55 platform-python-debug-3.6.8-51.el8_8.14.i686.rpm SHA-256: 90f5d9a883e54dd0fbb3be9420f3b8b94b9e634bf10c6b15e66e4a2124567b8d platform-python-debug-3.6.8-51.el8_8.14.x86_64.rpm SHA-256: 7bb535fb86d23d70431ebf0