This important update for Python 3.12 on RHEL 9 addresses two critical vulnerabilities: a use-after-free flaw in decompression modules (CVE-2026-6100) allowing arbitrary code execution or information disclosure, and a command injection vulnerability in the `webbrowser.open()` API (CVE-2026-4786) enabling arbitrary code execution. The article does not provide specific CVSS scores, affected version ranges, or the exact fixed version number. Administrators should apply the referenced Red Hat update packages for their specific architecture immediately.
Red Hat Product Errata RHSA-2026:10745 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:10745 - Security Advisory Overview Updated Packages Synopsis Important: python3.12 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM python3.12-3.12.12-4.el9_7.3.src.rpm SHA-256: f1444c1855d9972d939529a737d4348e948bd9391cba4ebd96c4747d6c0f7647 x86_64 python3.12-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 62835839ebaaff81fc63c8e6988e946abfd7f2de160d1b833a68d17d5ec2a054 python3.12-debuginfo-3.12.12-4.el9_7.3.i686.rpm SHA-256: baf8053dc29c02458e6622a43398d9770fca5f2e81c6093a4e125a0d4df6b5ab python3.12-debuginfo-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: fc360a4caf2c2ae09a5a015fde351e920522b88e29b5f1ad08194114560ab624 python3.12-debugsource-3.12.12-4.el9_7.3.i686.rpm SHA-256: 696a63baaaa8a73cecf01efd5665b83838bde3e9fe93511350b4843054156de0 python3.12-debugsource-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 31b1cf6112e78e9a81b6d61bc22da7916c5b76e6345c408a219cf7d64ef01814 python3.12-devel-3.12.12-4.el9_7.3.i686.rpm SHA-256: c81f555ce9645045059b48762811a6310a58e65aebd40e4a2fbebed0071681be python3.12-devel-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 8d9bdd5cb3523f3325980cc90c080c0836e7e8fb392d74c216eac6f8c87966ae python3.12-libs-3.12.12-4.el9_7.3.i686.rpm SHA-256: 8646b8edf90717f63257d7eba9ce65e7baf05c065d378a445be0a354c7e2d48c python3.12-libs-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 4b5ab1a1ce32d90a7ec36fc59a9821d1b49c3de7cfc2992f78dd4e7f16323bc0 python3.12-tkinter-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 63dd886d7cad6aa78663d63730e7e74c6627d9ecd52be9a8feeac39bc879761f Red Hat Enterprise Linux for IBM z Systems 9 SRPM python3.12-3.12.12-4.el9_7.3.src.rpm SHA-256: f1444c1855d9972d939529a737d4348e948bd9391cba4ebd96c4747d6c0f7647 s390x python3.12-3.12.12-4.el9_7.3.s390x.rpm SHA-256: d29f4d60a89c8c4f5ef68e5212f8246523671fe44b17296306345326acd87246 python3.12-debuginfo-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 2e8e1472efd6627da37f783d03acbf3b511fe0ae46e4fa2f29d103642ca822a9 python3.12-debugsource-3.12.12-4.el9_7.3.s390x.rpm SHA-256: a457afc256b29eb2210ca767b73e0ae2a9c49d0919c4ef574c918f1b141ae5e7 python3.12-devel-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 650ea2742a069237ba16e5c26176376199a2bdce238443f651e06df66ee2cae5 python3.12-libs-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 556883ad4072b6a2b2043a2060f31729af3431f7d23ab0de0dafcb98fa03ff9a python3.12-tkinter-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 418fa2646c61e7975fefd1aad4b81249220351caab65222e258f06d4a2803e3f Red Hat Enterprise Linux for Power, little endian 9 SRPM python3.12-3.12.12-4.el9_7.3.src.rpm SHA-256: f1444c1855d9972d939529a737d4348e948bd9391cba4ebd96c4747d6c0f7647 ppc64le python3.12-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 81c5af32396fad88e9951a1fb863ad6a0c41d4f900f2f795b32b161e1dec4a91 python3.12-debuginfo-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 93d660d74ae8ff2679ca2aea989ef9b0893a430e9cf6ad4e929b67afaf3ecedc python3.12-debugsource-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: d359174fee6c01bf635e8e315fec28e81fa4f821e2358502d21c93412516b621 python3.12-devel-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 4484bc2349442a9544200c17cebfc4f19e8f7ef5d307a6aae6bcd970deff4199 python3.12-libs-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: a05755745864bae639463645e920de33152e89384750951caafa7941cf556b38 python3.12-tkinter-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 4e1fd4c9126f81d447c08f60a0a27f9a8f3938c280af4c154961c254c997abb5 Red Hat Enterprise Linux for ARM 64 9 SRPM python3.12-3.12.12-4.el9_7.3.src.rpm SHA-256: f1444c1855d9972d939529a737d4348e948bd9391cba4ebd96c4747d6c0f7647 aarch64 python3.12-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: d247c294173a9ebc0d79114e939af9db9f159b66cbf6ede6fe211aeea401b113 python3.12-debuginfo-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 7bb401a3274343ff7feb1f889a393c2efd0f38c32c47e7995c0b8d8cc844a998 python3.12-debugsource-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: b85079e400a4769de1a85cce143eded833b77f675cad413414c04b2ab3c1db15 python3.12-devel-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: fa44c13fb579fd6058fb7eac3143fbbaf616f6bc1a4f2954f8cf37b597b069b6 python3.12-libs-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 9f78d6ccf7650e9282eda62b0814502104a1f0f703da1d0cc42ae7019fe5b150 python3.12-tkinter-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 750270f548291b0e319475e0205c9fddd347e99a231032a01eb6772ffe2587d7 Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 python3.12-3.12.12-4.el9_7.3.i686.rpm SHA-256: a0580d9d261709a57f92470d0bb84ef9101881106b1c44a8eadf44d842517d1c python3.12-debug-3.12.12-4.el9_7.3.i686.rpm SHA-256: 1e43c8a03b8c6c66c70472df45b11b4c6795994afc284e9184d1f95afb7e542a python3.12-debug-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 59f8200b9995e06e51b5af7fd0ef42473e982da91d50354f025fe0a357a1833b python3.12-debuginfo-3.12.12-4.el9_7.3.i686.rpm SHA-256: baf8053dc29c02458e6622a43398d9770fca5f2e81c6093a4e125a0d4df6b5ab python3.12-debuginfo-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: fc360a4caf2c2ae09a5a015fde351e920522b88e29b5f1ad08194114560ab624 python3.12-debugsource-3.12.12-4.el9_7.3.i686.rpm SHA-256: 696a63baaaa8a73cecf01efd5665b83838bde3e9fe93511350b4843054156de0 python3.12-debugsource-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 31b1cf6112e78e9a81b6d61bc22da7916c5b76e6345c408a219cf7d64ef01814 python3.12-idle-3.12.12-4.el9_7.3.i686.rpm SHA-256: f4f394e0f9db50f1fc9183494062272d5c3fef09c17bc6fc07c5143e802c6952 python3.12-idle-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 56e93ea6ae75ce6177292d4112e4f6129f85b0a09e41a5a151577ec67683682b python3.12-test-3.12.12-4.el9_7.3.i686.rpm SHA-256: 870b0aaeb0fd599a756ddc82819d04e5e5af55db1d8aa6fbf25102e1c0ef71a3 python3.12-test-3.12.12-4.el9_7.3.x86_64.rpm SHA-256: 5f162802d37a0244636e66ad56dd2605e35c91bf7ad0655f0e21e51026b7dc4d python3.12-tkinter-3.12.12-4.el9_7.3.i686.rpm SHA-256: c65b3dc37a7a51864be150cac4df490c2b838a075c9c3108c66c235caaf4a338 Red Hat CodeReady Linux Builder for Power, little endian 9 SRPM ppc64le python3.12-debug-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 41d3a373ed60c579f30381639dcf88274c353026f300a9a21443d59278176842 python3.12-debuginfo-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 93d660d74ae8ff2679ca2aea989ef9b0893a430e9cf6ad4e929b67afaf3ecedc python3.12-debugsource-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: d359174fee6c01bf635e8e315fec28e81fa4f821e2358502d21c93412516b621 python3.12-idle-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: 9c9576c1e861ed16986fa6ae301d063d03a6258edf145695effc9d3de0dd527c python3.12-test-3.12.12-4.el9_7.3.ppc64le.rpm SHA-256: d6e7ac09469e7260d24cac281057d986649385865c76a382550cb26ef56c10b0 Red Hat CodeReady Linux Builder for ARM 64 9 SRPM aarch64 python3.12-debug-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: ecf40df3a5bd809e147bdbe63203d9640e5b73174f349a712173bfa1c003c99a python3.12-debuginfo-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 7bb401a3274343ff7feb1f889a393c2efd0f38c32c47e7995c0b8d8cc844a998 python3.12-debugsource-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: b85079e400a4769de1a85cce143eded833b77f675cad413414c04b2ab3c1db15 python3.12-idle-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 5fdf1eb86eb7581465e3dd3e097e48583528f9da7225686d56c8da660d4fd941 python3.12-test-3.12.12-4.el9_7.3.aarch64.rpm SHA-256: 536e6456ea4d266d892db115ea685600cc0c9d5ac3c702e52d297ecfd7143dbd Red Hat CodeReady Linux Builder for IBM z Systems 9 SRPM s390x python3.12-debug-3.12.12-4.el9_7.3.s390x.rpm SHA-256: a8c3f9c6c35dce7fff6edee1b3be4733b4c1f98c7f8dd83c8feaaed4a5727b84 python3.12-debuginfo-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 2e8e1472efd6627da37f783d03acbf3b511fe0ae46e4fa2f29d103642ca822a9 python3.12-debugsource-3.12.12-4.el9_7.3.s390x.rpm SHA-256: a457afc256b29eb2210ca767b73e0ae2a9c49d0919c4ef574c918f1b141ae5e7 python3.12-idle-3.12.12-4.el9_7.3.s390x.rpm SHA-256: 5436e231a9bf4ee3b750953bc0869fa58298d3db924a72ba2c5375ae7869e217 p