This Important Red Hat Security Advisory addresses two vulnerabilities in Python 3 for RHEL 8: CVE-2026-6100, a use-after-free in decompression modules leading to arbitrary code execution or information disclosure, and CVE-2026-4786, a command injection flaw in the `webbrowser.open()` API allowing arbitrary code execution. The update provides fixed packages for all supported RHEL 8 architectures, and affected systems should apply the provided `python3` update immediately.
Red Hat Product Errata RHSA-2026:11077 - Security Advisory Issued: 2026-04-27 Updated: 2026-04-27 RHSA-2026:11077 - Security Advisory Overview Updated Packages Synopsis Important: python3 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM python3-3.6.8-76.el8_10.src.rpm SHA-256: 2c8241cce39c6a5733fff52217f8fd340a7fe2f8046675ba4f221267295852f3 x86_64 platform-python-3.6.8-76.el8_10.i686.rpm SHA-256: d467cc2dd876b30090024d3596742a7568bed997f4c803a357812969aa41716a platform-python-3.6.8-76.el8_10.x86_64.rpm SHA-256: 2e0de0c42b540f9df3bc9602db9b0519ee2522a34522c67aff29ff47a906cc23 platform-python-debug-3.6.8-76.el8_10.i686.rpm SHA-256: 4f40524f5fe4617ba4ff76f3e6c10ab7c0f95d61914feaea135e6d447cb1a23c platform-python-debug-3.6.8-76.el8_10.x86_64.rpm SHA-256: 5e55fd424017151f37433006a1c1a26f2199985e2a0f8738bcc72fcbd95f4299 platform-python-devel-3.6.8-76.el8_10.i686.rpm SHA-256: 411b7afe9b55835c2512b1c19871ec361314c770d486f4a069771761fa20543c platform-python-devel-3.6.8-76.el8_10.x86_64.rpm SHA-256: 07cb64e3c97dab9fb2f93fc7d6e5a2334c0b95a3a214eddb8982780cc0d22951 python3-debuginfo-3.6.8-76.el8_10.i686.rpm SHA-256: d7a250e53d8265571703ab562c919eb99e312080897c2e07e783d30f4619af6e python3-debuginfo-3.6.8-76.el8_10.i686.rpm SHA-256: d7a250e53d8265571703ab562c919eb99e312080897c2e07e783d30f4619af6e python3-debuginfo-3.6.8-76.el8_10.x86_64.rpm SHA-256: 93a44a78bfab915e59493fab396dbb925fecbc7dfc4be78d121b67a2ed41f831 python3-debuginfo-3.6.8-76.el8_10.x86_64.rpm SHA-256: 93a44a78bfab915e59493fab396dbb925fecbc7dfc4be78d121b67a2ed41f831 python3-debugsource-3.6.8-76.el8_10.i686.rpm SHA-256: 49617674143301ad21b3ab3b46f98e68ee1d9172c093915c3e1a9f71c3f38d83 python3-debugsource-3.6.8-76.el8_10.i686.rpm SHA-256: 49617674143301ad21b3ab3b46f98e68ee1d9172c093915c3e1a9f71c3f38d83 python3-debugsource-3.6.8-76.el8_10.x86_64.rpm SHA-256: 01971235b5fbeea7202676990ffa7df737e059e61ba0c9647adac318e2f2b89f python3-debugsource-3.6.8-76.el8_10.x86_64.rpm SHA-256: 01971235b5fbeea7202676990ffa7df737e059e61ba0c9647adac318e2f2b89f python3-idle-3.6.8-76.el8_10.i686.rpm SHA-256: bfef582ddd667606e4477d28d503f2d818eabc2d94ad513ab2e88dd0341b7be8 python3-idle-3.6.8-76.el8_10.x86_64.rpm SHA-256: 8b250cc867c390ae03feb874f36805d28ca7ba0e0d79261db09218a6885eec5e python3-libs-3.6.8-76.el8_10.i686.rpm SHA-256: 0dcafcf311712aa0e99237842d26ac05030a4e66cf35f32c356531746fc3559a python3-libs-3.6.8-76.el8_10.x86_64.rpm SHA-256: e50230219917e30476e0c7edefdabc84744455662af1d86e217dcd4927a37b94 python3-test-3.6.8-76.el8_10.i686.rpm SHA-256: 90556a035c1922beca7d2d8a23514506fd03b6b06ef64b5613a3f8756897231c python3-test-3.6.8-76.el8_10.x86_64.rpm SHA-256: f88ed37824bdd5118f88127ffd42b5e36060b91c005fed3d85930c2a7b45835e python3-tkinter-3.6.8-76.el8_10.i686.rpm SHA-256: 9233886cc95f12f863c850f16cf32896d686edd651446e67d8f01f6b50b65a5b python3-tkinter-3.6.8-76.el8_10.x86_64.rpm SHA-256: 21440b9cd969e2c697965f4ca3b7e9fdbfab93a1d970f5d1408e9282dd0c0617 Red Hat Enterprise Linux for IBM z Systems 8 SRPM python3-3.6.8-76.el8_10.src.rpm SHA-256: 2c8241cce39c6a5733fff52217f8fd340a7fe2f8046675ba4f221267295852f3 s390x platform-python-3.6.8-76.el8_10.s390x.rpm SHA-256: a5effbd83776a95362eb90b861a83e2000caf468c7266ef722a6b9244016b52e platform-python-debug-3.6.8-76.el8_10.s390x.rpm SHA-256: f6072709960ae655e7695a0d4f57b0e6bf60369069468c8efeef4f9f82996d5d platform-python-devel-3.6.8-76.el8_10.s390x.rpm SHA-256: f576b18bdda8c0314188e2422576138451439a4ae96c40e1d9a3fb87710888bc python3-debuginfo-3.6.8-76.el8_10.s390x.rpm SHA-256: 0a933760a42c03ab847aa80a18e8796135e7866215442ca9555269883662cc5a python3-debuginfo-3.6.8-76.el8_10.s390x.rpm SHA-256: 0a933760a42c03ab847aa80a18e8796135e7866215442ca9555269883662cc5a python3-debugsource-3.6.8-76.el8_10.s390x.rpm SHA-256: f5a73942751c0ca65c806bb31ca744b16703d65163c951ebf44be86a05d3d5dd python3-debugsource-3.6.8-76.el8_10.s390x.rpm SHA-256: f5a73942751c0ca65c806bb31ca744b16703d65163c951ebf44be86a05d3d5dd python3-idle-3.6.8-76.el8_10.s390x.rpm SHA-256: 82f07bb66d46d7bead5ac095632fefe2960d02ad5855e8b9b16e62afbe02a9a2 python3-libs-3.6.8-76.el8_10.s390x.rpm SHA-256: 7af27fd50ef4d47d401665711132954ea6ac5b78dbb57304c032a1a6a1aa478a python3-test-3.6.8-76.el8_10.s390x.rpm SHA-256: ae0b4fea0ceb07955f148da5e6d60b74fa14d1dfaded7e3652c88066b01a370a python3-tkinter-3.6.8-76.el8_10.s390x.rpm SHA-256: ac7af88c9fb6c37c31c430a2c3d9b0c0d11a5d79b190182618302132e075d39d Red Hat Enterprise Linux for Power, little endian 8 SRPM python3-3.6.8-76.el8_10.src.rpm SHA-256: 2c8241cce39c6a5733fff52217f8fd340a7fe2f8046675ba4f221267295852f3 ppc64le platform-python-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 23f73668fa626ec6e5e960e7ce6e888bdf781c4fc735c6200cc0fc566a6010d3 platform-python-debug-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 2c0b33109fa5ddbb526bf0e4b0792b6b6a8e5cbaf611bc64dc7864371c5ba503 platform-python-devel-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 19b4c31456c08a0032ddb3574bd95667815b5cbabf04ec14886094062ca968ca python3-debuginfo-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 18863077471060f420566358e47d8ceb427a0f9c51f626e721a185d55d2716e6 python3-debuginfo-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 18863077471060f420566358e47d8ceb427a0f9c51f626e721a185d55d2716e6 python3-debugsource-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 4752ec2df73fdd8e0b9cd35cbdb992df1fe441d5fd36032d1bfacc02cc18d356 python3-debugsource-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 4752ec2df73fdd8e0b9cd35cbdb992df1fe441d5fd36032d1bfacc02cc18d356 python3-idle-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 23cac33d017d5f17f38f0df851d3c62e54259894a950bc3faaad7a6af60a0d2b python3-libs-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 179c988cfa92d01edbcac0b7450fbe59fd8c0277a4500ebb7b62e3478bd68c65 python3-test-3.6.8-76.el8_10.ppc64le.rpm SHA-256: 7121db5707e4bae388f76e2cacdcb5ef679d829c34e1166eea1870f85d222a95 python3-tkinter-3.6.8-76.el8_10.ppc64le.rpm SHA-256: de04828078e5e060abb9cc62d4cf1691425276d3656df745efcfc1f1fcc5043d Red Hat Enterprise Linux for ARM 64 8 SRPM python3-3.6.8-76.el8_10.src.rpm SHA-256: 2c8241cce39c6a5733fff52217f8fd340a7fe2f8046675ba4f221267295852f3 aarch64 platform-python-3.6.8-76.el8_10.aarch64.rpm SHA-256: c69f3d79190fbd944697a85e7f179509dc2d4786d01f7325f15f51ced8759e43 platform-python-debug-3.6.8-76.el8_10.aarch64.rpm SHA-256: a45e2c85045823737fd3fdfb03e01071ad2d2ab9101399459afd171f67a07652 platform-python-devel-3.6.8-76.el8_10.aarch64.rpm SHA-256: 0286a958953f3c2902079942f5542dff6bfa2a3c571c1bdc6d256222c5d058e9 python3-debuginfo-3.6.8-76.el8_10.aarch64.rpm SHA-256: 237234b5a37eb0a937c4cac18bed819d3363f70ac1ee02b6675ad2ad3d8ab61c python3-debuginfo-3.6.8-76.el8_10.aarch64.rpm SHA-256: 237234b5a37eb0a937c4cac18bed819d3363f70ac1ee02b6675ad2ad3d8ab61c python3-debugsource-3.6.8-76.el8_10.aarch64.rpm SHA-256: 5176b2c9e17f7f547b5f3560b92949b57ca1a18880e2afbae36e829fed8efc47 python3-debugsource-3.6.8-76.el8_10.aarch64.rpm SHA-256: 5176b2c9e17f7f547b5f3560b92949b57ca1a18880e2afbae36e829fed8efc47 python3-idle-3.6.8-76.el8_10.aarch64.rpm SHA-256: b184e72a5bcb999e5f2e07db06cb0908f2c41ec7de31ac56ecaaf6e4722a3873 python3-libs-3.6.8-76.el8_10.aarch64.rpm SHA-256: 3f769d34e7b0c6c7b601f92314b2ad16eeb9b9ee01b5edb92fef73a0d386b824 python3-test-3.6.8-76.el8_10.aarch64.rpm SHA-256: b1989e5b148645a7a97e62f1bd90f0aea02029872c562ed477b1a2f3413eb99e python3-tkinter-3.6.8-76.el8_10.aarch64.rpm SHA-256: 2c4625bf94e3561a80d1697b8d7518591a0c6e6d2a1de5964129ea729bf1210d Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM python3-3.6.8-76.el8_10.src.rpm SHA-256: 2c8241cce39c6a5733fff52217f8fd340a7fe2f8046675ba4f221267295852f3 x86_64 platform-python-3.6.8-76.el8_10.i686.rpm SHA-256: d467cc2dd87