- What: Security update for Python 3.9 in Red Hat Enterprise Linux 9
- Impact: Red Hat systems may be vulnerable if not updated
Red Hat Product Errata RHSA-2026:10949 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:10949 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM python3.9-3.9.25-3.el9_7.3.src.rpm SHA-256: 43ab09b5e8666dbd63a4a9d1da2ad641b485d1a6451866bea77c8e1d4cb9d575 x86_64 python-unversioned-command-3.9.25-3.el9_7.3.noarch.rpm SHA-256: eb0b07f6409e37adb1094444ed1b82b2acc5a5a9cecd09e8001a06584c96f1e3 python3-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 29a5d253a87106b87a81366e7485a25c6e31d0d7398c170bf10fe548d5c2d4c6 python3-devel-3.9.25-3.el9_7.3.i686.rpm SHA-256: bbd273f4f21172d8a48e69b1fc153a794ef79e08670d0d2dfc473a39909b41bd python3-devel-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: b8722cc44c871aebde1d8cddf72291ed7d7771179f804e5fd1c01596754fd812 python3-libs-3.9.25-3.el9_7.3.i686.rpm SHA-256: f1b9c5687e60edc9f7d59ba717dbebba3adb49fdd1606f7cebaa9f2a6197a0cc python3-libs-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 7ba279a66b1f1d93ef9400dc97d98cfe296676794a2e46dc5e46a898e8948c40 python3-tkinter-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 211b83f1dfdadfd0f44067b9954b353db17dd4472125395694763f47c2fb5801 python3.9-debuginfo-3.9.25-3.el9_7.3.i686.rpm SHA-256: cba95fbdd17f41fa99b0ec82cf262f7a75396a4218be3c4ec6450a8b71e6bfc4 python3.9-debuginfo-3.9.25-3.el9_7.3.i686.rpm SHA-256: cba95fbdd17f41fa99b0ec82cf262f7a75396a4218be3c4ec6450a8b71e6bfc4 python3.9-debuginfo-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 1a1d7612829f6ddf6ebf8a890e6f2c6da6389ac2c7c0d956179eb4c60220e2cb python3.9-debuginfo-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 1a1d7612829f6ddf6ebf8a890e6f2c6da6389ac2c7c0d956179eb4c60220e2cb python3.9-debugsource-3.9.25-3.el9_7.3.i686.rpm SHA-256: 45e19f4876e42ff31fa447c883311bee0295c2904cbdd5cccc511785db2945f0 python3.9-debugsource-3.9.25-3.el9_7.3.i686.rpm SHA-256: 45e19f4876e42ff31fa447c883311bee0295c2904cbdd5cccc511785db2945f0 python3.9-debugsource-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 7f30e84c7119b57708b0920b89dbb73ea0813baf0a7653bde2ed950e4a08d53d python3.9-debugsource-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 7f30e84c7119b57708b0920b89dbb73ea0813baf0a7653bde2ed950e4a08d53d Red Hat Enterprise Linux for IBM z Systems 9 SRPM python3.9-3.9.25-3.el9_7.3.src.rpm SHA-256: 43ab09b5e8666dbd63a4a9d1da2ad641b485d1a6451866bea77c8e1d4cb9d575 s390x python-unversioned-command-3.9.25-3.el9_7.3.noarch.rpm SHA-256: eb0b07f6409e37adb1094444ed1b82b2acc5a5a9cecd09e8001a06584c96f1e3 python3-3.9.25-3.el9_7.3.s390x.rpm SHA-256: 25837145352b413bcd43e48b15eddebddfee9ce705f82fecc07de4265936daf6 python3-devel-3.9.25-3.el9_7.3.s390x.rpm SHA-256: 711c22bb9711748e4c9ce2c50dade469e4d7ec88a244648188b6ee9876a869e4 python3-libs-3.9.25-3.el9_7.3.s390x.rpm SHA-256: 112af28cbc41bd202d91b9ebaef09a2e1f318e9660b68c8f4cc7e6ce2f5ccb86 python3-tkinter-3.9.25-3.el9_7.3.s390x.rpm SHA-256: ba29497005e2695003ac6600dce1f086caa171fd870b495b74e49f8d295870d5 python3.9-debuginfo-3.9.25-3.el9_7.3.s390x.rpm SHA-256: d51b59c6b874125d87f15069b883f383490dc04c1e61476996a481ba3cfae7f1 python3.9-debuginfo-3.9.25-3.el9_7.3.s390x.rpm SHA-256: d51b59c6b874125d87f15069b883f383490dc04c1e61476996a481ba3cfae7f1 python3.9-debugsource-3.9.25-3.el9_7.3.s390x.rpm SHA-256: 4a2ecea9c5fe88a84574907b8d00a8ef590cf8b88960113f0b747d7e95def435 python3.9-debugsource-3.9.25-3.el9_7.3.s390x.rpm SHA-256: 4a2ecea9c5fe88a84574907b8d00a8ef590cf8b88960113f0b747d7e95def435 Red Hat Enterprise Linux for Power, little endian 9 SRPM python3.9-3.9.25-3.el9_7.3.src.rpm SHA-256: 43ab09b5e8666dbd63a4a9d1da2ad641b485d1a6451866bea77c8e1d4cb9d575 ppc64le python-unversioned-command-3.9.25-3.el9_7.3.noarch.rpm SHA-256: eb0b07f6409e37adb1094444ed1b82b2acc5a5a9cecd09e8001a06584c96f1e3 python3-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: b97e59ee6305348b7861c9317b4fdd5920969510435697dd0d9f5e9cd2ae04b7 python3-devel-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 98c29fe6d8ac2f24e2cafddf19a2e13a923a91a3a2ceb9ebd08747cb6c28fb28 python3-libs-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: eeb846eba3100ecd49c163e1795c950cd368b9d0755cad8855aa02410b447e0e python3-tkinter-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 9855e2be691f1acd95bc921cd762bd3bbd0902709089d35178518d7064f1c602 python3.9-debuginfo-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 022333744737e3d56c6d3194316d3e8999682ea277c8050de5e2c8f731705c79 python3.9-debuginfo-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 022333744737e3d56c6d3194316d3e8999682ea277c8050de5e2c8f731705c79 python3.9-debugsource-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 52c3e1558b775f3f4e5b9ee6329ebd3b405b612150f8007024a035ec51755ca7 python3.9-debugsource-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 52c3e1558b775f3f4e5b9ee6329ebd3b405b612150f8007024a035ec51755ca7 Red Hat Enterprise Linux for ARM 64 9 SRPM python3.9-3.9.25-3.el9_7.3.src.rpm SHA-256: 43ab09b5e8666dbd63a4a9d1da2ad641b485d1a6451866bea77c8e1d4cb9d575 aarch64 python-unversioned-command-3.9.25-3.el9_7.3.noarch.rpm SHA-256: eb0b07f6409e37adb1094444ed1b82b2acc5a5a9cecd09e8001a06584c96f1e3 python3-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: 84af847dc87f04fa8306a2ced5d5f7f59168207937c25e6f38b3ed8b7c54991a python3-devel-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: f948b894b45c6bb8bd687ded7c53bfc45ae00e1908e2b6a9b1b06fd9b9aaac59 python3-libs-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: 188bbfa5e15a34a4640469277ab3b3aa372891f018df980de104dfc205e95e15 python3-tkinter-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: e69efdd9d8718df0aa6d886fa27f3d061847e4a3915e3cd1b3ca455866187371 python3.9-debuginfo-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: 84f29b32fa2d278e67047ddc7dd3885bbb4fe6f1d4760df373767e4159397397 python3.9-debuginfo-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: 84f29b32fa2d278e67047ddc7dd3885bbb4fe6f1d4760df373767e4159397397 python3.9-debugsource-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: cbb8e4b2a471c5f77380805bed91c734d8628a30de1c9db33a5f5cb8c2b0f17c python3.9-debugsource-3.9.25-3.el9_7.3.aarch64.rpm SHA-256: cbb8e4b2a471c5f77380805bed91c734d8628a30de1c9db33a5f5cb8c2b0f17c Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 python3-3.9.25-3.el9_7.3.i686.rpm SHA-256: b8e6a2d806eceb57917ff01a9949cdcce0ab6ad6d896157c86e7870ec37d3a92 python3-debug-3.9.25-3.el9_7.3.i686.rpm SHA-256: c0eff3e9317f49fce2a99f7c4533bf8c631fe9edc5b5f9af894e160b595229a3 python3-debug-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 055fa36f8555df397043c363d6c6f16e95effca5f34ea460917dac42156862fc python3-idle-3.9.25-3.el9_7.3.i686.rpm SHA-256: 710c92fbc7038f69207768730a1385e406388abe9aea6ddbdef1e3d817ddaf7e python3-idle-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: c88d9785345c68b95d56d89768884ac7eb5cc5d11ea3ffef57bccb98159ddb6f python3-test-3.9.25-3.el9_7.3.i686.rpm SHA-256: a816577005866d9567eec5f316e80fc3061b5820a3721b7aeb6f16d107cdb30a python3-test-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 164fb6fd7d0dbd56c5ee636a2a2cd9ae5f799dac317169560395680247dfe83e python3-tkinter-3.9.25-3.el9_7.3.i686.rpm SHA-256: e476c7ddf8b793f4841e053f1d9fe874555842a9d0690ae8bd80e86d90ece9ff python3.9-debuginfo-3.9.25-3.el9_7.3.i686.rpm SHA-256: cba95fbdd17f41fa99b0ec82cf262f7a75396a4218be3c4ec6450a8b71e6bfc4 python3.9-debuginfo-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 1a1d7612829f6ddf6ebf8a890e6f2c6da6389ac2c7c0d956179eb4c60220e2cb python3.9-debugsource-3.9.25-3.el9_7.3.i686.rpm SHA-256: 45e19f4876e42ff31fa447c883311bee0295c2904cbdd5cccc511785db2945f0 python3.9-debugsource-3.9.25-3.el9_7.3.x86_64.rpm SHA-256: 7f30e84c7119b57708b0920b89dbb73ea0813baf0a7653bde2ed950e4a08d53d Red Hat CodeReady Linux Builder for Power, little endian 9 SRPM ppc64le python3-debug-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: 5275fb27a775086ce2476b1c2e23f7087c645439b922780d4f0f5c9b5f48abff python3-idle-3.9.25-3.el9_7.3.ppc64le.rpm SHA-256: b8ec91943092ffcc9b3ba9724c2d01ae19ac7dae4b7a2d4dafd4bd620b4cba9