This vulnerability (CVE-2026-4519) is a command-line option injection in Python's `webbrowser.open()` function, allowing crafted URLs to execute unintended commands. It has a CVSS 3.1 score of 3.3 (Low). The affected versions are Python 3.x prior to 3.13.13, Python 3.14.0 through 3.14.3, and Python 3.15.0, with fixes available in versions 3.13.13, 3.14.4, and later.
Red Hat Product Errata RHSA-2026:10111 - Security Advisory Issued: 2026-04-23 Updated: 2026-04-23 RHSA-2026:10111 - Security Advisory Overview Updated Packages Synopsis Important: python3.12 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2449649 - CVE-2026-4519 python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVEs CVE-2026-4519 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 x86_64 python3.12-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 044027a1fc81d810f6d35379cb15902e5d3ba0ca37f75c8de37720d52f50e054 python3.12-debuginfo-3.12.1-4.el9_4.12.i686.rpm SHA-256: a7c128e290f3e64c1d5553e967d350232bae0473fbf5ff22ac28469b2f452ee6 python3.12-debuginfo-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 00787293c5ecab5116dda68f6580b774b2d2c5cb6b52830c509d951857275562 python3.12-debugsource-3.12.1-4.el9_4.12.i686.rpm SHA-256: b36728b995f84949e976f920de2aaac7d2048ef2b8f60361606db30eab7bbee1 python3.12-debugsource-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: c31f4fb6fff42e24bbd95cdbd8c905b1347531321280052f90afaa929540b500 python3.12-devel-3.12.1-4.el9_4.12.i686.rpm SHA-256: 04cfc3c86163a1fe2f91cbd66c3b2a0ed67ac40e30cc97cab94eca0a65f7d8d6 python3.12-devel-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 2343c9e9764726aadff3ed0054d43f2b1e3ba3cdf883e414cb0ec9328733d827 python3.12-libs-3.12.1-4.el9_4.12.i686.rpm SHA-256: 60c2f81d3d1c4f45982e7edb45b45117f58ce86f9fccd7064ada3f06b68d382d python3.12-libs-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 1f59de1cf4126aaeeb34e909f2097ab696f54acedcf1e142eac4c469a484f546 python3.12-tkinter-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 7667a8ee6febdeef08aab8c95f961c59b6b6682905dc7502e0c090c15cb46c4a Red Hat Enterprise Linux Server - AUS 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 x86_64 python3.12-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 044027a1fc81d810f6d35379cb15902e5d3ba0ca37f75c8de37720d52f50e054 python3.12-debuginfo-3.12.1-4.el9_4.12.i686.rpm SHA-256: a7c128e290f3e64c1d5553e967d350232bae0473fbf5ff22ac28469b2f452ee6 python3.12-debuginfo-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 00787293c5ecab5116dda68f6580b774b2d2c5cb6b52830c509d951857275562 python3.12-debugsource-3.12.1-4.el9_4.12.i686.rpm SHA-256: b36728b995f84949e976f920de2aaac7d2048ef2b8f60361606db30eab7bbee1 python3.12-debugsource-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: c31f4fb6fff42e24bbd95cdbd8c905b1347531321280052f90afaa929540b500 python3.12-devel-3.12.1-4.el9_4.12.i686.rpm SHA-256: 04cfc3c86163a1fe2f91cbd66c3b2a0ed67ac40e30cc97cab94eca0a65f7d8d6 python3.12-devel-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 2343c9e9764726aadff3ed0054d43f2b1e3ba3cdf883e414cb0ec9328733d827 python3.12-libs-3.12.1-4.el9_4.12.i686.rpm SHA-256: 60c2f81d3d1c4f45982e7edb45b45117f58ce86f9fccd7064ada3f06b68d382d python3.12-libs-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 1f59de1cf4126aaeeb34e909f2097ab696f54acedcf1e142eac4c469a484f546 python3.12-tkinter-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 7667a8ee6febdeef08aab8c95f961c59b6b6682905dc7502e0c090c15cb46c4a Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 s390x python3.12-3.12.1-4.el9_4.12.s390x.rpm SHA-256: 38dbc7ca957bb28e37d79130cc969c7dd6c226586a58d61de5da9e0f949c1f91 python3.12-debuginfo-3.12.1-4.el9_4.12.s390x.rpm SHA-256: 14919c477f4c38ca0e7f39306dc253416ee8d9e553747990bc98afc505d65efa python3.12-debugsource-3.12.1-4.el9_4.12.s390x.rpm SHA-256: 5815bfbb7eb222785614ba7d9b60f144e8ddadae619899c8cac2736970c3d643 python3.12-devel-3.12.1-4.el9_4.12.s390x.rpm SHA-256: 3481654fefdfe00aaf913d880cc8d931e4d01b6f608fb29223505507edf95ee8 python3.12-libs-3.12.1-4.el9_4.12.s390x.rpm SHA-256: f30d724eaf30e7e924f90a6b3a21f4b05927ff3f673fddf9e460d4787a55d24a python3.12-tkinter-3.12.1-4.el9_4.12.s390x.rpm SHA-256: a842934c2457010fd0e777280de0c3e796913ca5d2782bb81cd009d4cd2cd5ab Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 ppc64le python3.12-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 8d27a44f0ab868160848c767a62b385279b16aaf9887dd9e4a7faa530fe6b750 python3.12-debuginfo-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 31c79f3621d0febbab96409ff496b8fc30710a051e1b43ca83e3679ede65b51c python3.12-debugsource-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: b6dbfae4e1280da02a7d603729f47d2d4e4f5e9b5aed02386ae2fb7b54652c3a python3.12-devel-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 6f60bac40b90c286c018e8c5ad5aacfa73c488cb509e8db5aea3e28606adcb64 python3.12-libs-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: d0dfb2834086f88bf246d6f416721b3e2efc239f8072473a03e66ce65fe8788e python3.12-tkinter-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: f7d1e0b713ffbc944225429eca88762333b1a68d742ee8650c2abd59ae9dbb0f Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 aarch64 python3.12-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: 7b662e93189d81e708ca8da4b172e50e45dcdbb08d48a0a2abd087b3fd918034 python3.12-debuginfo-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: b48d9130b4595188e65f325d07cb05700553bf973bb4e4f22a4efe4fb6406b17 python3.12-debugsource-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: 713f79d4e05979881486cefedc7444fa9c6d9d044840d39e58b6cc470cd9788c python3.12-devel-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: bce9005311d0cb16967a117f767bd2c845128d0210952a4dfd56731eafc853db python3.12-libs-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: ba3c3e23e64fe02c514d4ed53534a5b7110e729bf10e3727ea05c817a646a259 python3.12-tkinter-3.12.1-4.el9_4.12.aarch64.rpm SHA-256: 6fbe95a0c78cfe3e3986f208f0e00ceb851a571fed036b8c2936311d2f3727e3 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 ppc64le python3.12-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 8d27a44f0ab868160848c767a62b385279b16aaf9887dd9e4a7faa530fe6b750 python3.12-debuginfo-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 31c79f3621d0febbab96409ff496b8fc30710a051e1b43ca83e3679ede65b51c python3.12-debugsource-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: b6dbfae4e1280da02a7d603729f47d2d4e4f5e9b5aed02386ae2fb7b54652c3a python3.12-devel-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: 6f60bac40b90c286c018e8c5ad5aacfa73c488cb509e8db5aea3e28606adcb64 python3.12-libs-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: d0dfb2834086f88bf246d6f416721b3e2efc239f8072473a03e66ce65fe8788e python3.12-tkinter-3.12.1-4.el9_4.12.ppc64le.rpm SHA-256: f7d1e0b713ffbc944225429eca88762333b1a68d742ee8650c2abd59ae9dbb0f Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM python3.12-3.12.1-4.el9_4.12.src.rpm SHA-256: 01e869ed5804e94ba0c257d17cc0d07ea22aa71df2db0767a7daab44e84addd7 x86_64 python3.12-3.12.1-4.el9_4.12.x86_64.rpm SHA-256: 044027a1fc81d810f6d35379cb15902e5d3ba0ca37f75c8de37720d52f50e054 python3.12-debuginfo-3.12.1-4.el9_4.12.i686.r