Red Hat Product Errata RHSA-2026:19570 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19570 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM python3.9-3.9.16-1.el9_2.14.src.rpm SHA-256: 8ff8a7c6a8790c9a41c0d9150f6b7b81409b77e91ff238776b6995aca6622835 x86_64 python-unversioned-command-3.9.16-1.el9_2.14.noarch.rpm SHA-256: 7dcd8101a4a18073e9dd7b0ff4648071ac4b4dac44d56928302b82318a36d3f8 python3-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: 96292f28e7be9e6698485dbc7cbf23f65ee97c1fde685799751f0c73d0debe19 python3-devel-3.9.16-1.el9_2.14.i686.rpm SHA-256: 08cb99a41b4b770d308b9dfb86c2a7282cc8b139038d2e7a8f816dccc7808f96 python3-devel-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: d572047a5549d97886ffcedbe7ce5fad01194f1a937ca50f2f74945ef4b36fc8 python3-libs-3.9.16-1.el9_2.14.i686.rpm SHA-256: bd63d7773b7bb2730d20e9772d51cd75bf348f0a0166c4751d7049afad780aff python3-libs-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: 0ff69b7b382a9f714db88928dcf13cca9ac2ed53cff38c0ed269edfa6a035131 python3-tkinter-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: adb916a494a312fd8f183fc7c8d7c7a845d0da958927e3ad8a3af27705de616d python3.9-debuginfo-3.9.16-1.el9_2.14.i686.rpm SHA-256: d1f08ead03e9bae7f04649551cfa84f8fcd0c59a424eb7a62713a5c0f99656c0 python3.9-debuginfo-3.9.16-1.el9_2.14.i686.rpm SHA-256: d1f08ead03e9bae7f04649551cfa84f8fcd0c59a424eb7a62713a5c0f99656c0 python3.9-debuginfo-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: ff3bb0060d20b14db7a66686deef738d303b6af78c1bd8b01a9db8c9493075cb python3.9-debuginfo-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: ff3bb0060d20b14db7a66686deef738d303b6af78c1bd8b01a9db8c9493075cb python3.9-debugsource-3.9.16-1.el9_2.14.i686.rpm SHA-256: 0789439323987538a6d385190611af6dc49a8169a8f8a715e216c4e20dd741b2 python3.9-debugsource-3.9.16-1.el9_2.14.i686.rpm SHA-256: 0789439323987538a6d385190611af6dc49a8169a8f8a715e216c4e20dd741b2 python3.9-debugsource-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: dd3c680bd7f32b81ece95e38276d9817a7ffbc213cfa93159127262cf20c9225 python3.9-debugsource-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: dd3c680bd7f32b81ece95e38276d9817a7ffbc213cfa93159127262cf20c9225 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM python3.9-3.9.16-1.el9_2.14.src.rpm SHA-256: 8ff8a7c6a8790c9a41c0d9150f6b7b81409b77e91ff238776b6995aca6622835 ppc64le python-unversioned-command-3.9.16-1.el9_2.14.noarch.rpm SHA-256: 7dcd8101a4a18073e9dd7b0ff4648071ac4b4dac44d56928302b82318a36d3f8 python3-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: 05e7cc2d5a34f35ae4c4f6ddc558ee8ca2547b315ad02fcdda093c94fb7e832d python3-devel-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: e9e4c7c410c96b8fe08c9557fec955dd0a8632711c7bac930c961c496b5fb9d9 python3-libs-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: 128d3baefb6859e0900494986a2921626ac6bc98ceb675424e825aed5d148038 python3-tkinter-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: f51edfddf9419ff9476f22c236e344bc274b500d29231af544f851706382a71a python3.9-debuginfo-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: 95efd690e271d2ab3ee5aa189e569c8c8084a5fdb390e0efe2b42d98b46eb3ee python3.9-debuginfo-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: 95efd690e271d2ab3ee5aa189e569c8c8084a5fdb390e0efe2b42d98b46eb3ee python3.9-debugsource-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: fbb400052aca0aa68f30d212bb1d3e955cfe5f67ecc02d911a691caaf3a8b9c7 python3.9-debugsource-3.9.16-1.el9_2.14.ppc64le.rpm SHA-256: fbb400052aca0aa68f30d212bb1d3e955cfe5f67ecc02d911a691caaf3a8b9c7 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM python3.9-3.9.16-1.el9_2.14.src.rpm SHA-256: 8ff8a7c6a8790c9a41c0d9150f6b7b81409b77e91ff238776b6995aca6622835 x86_64 python-unversioned-command-3.9.16-1.el9_2.14.noarch.rpm SHA-256: 7dcd8101a4a18073e9dd7b0ff4648071ac4b4dac44d56928302b82318a36d3f8 python3-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: 96292f28e7be9e6698485dbc7cbf23f65ee97c1fde685799751f0c73d0debe19 python3-devel-3.9.16-1.el9_2.14.i686.rpm SHA-256: 08cb99a41b4b770d308b9dfb86c2a7282cc8b139038d2e7a8f816dccc7808f96 python3-devel-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: d572047a5549d97886ffcedbe7ce5fad01194f1a937ca50f2f74945ef4b36fc8 python3-libs-3.9.16-1.el9_2.14.i686.rpm SHA-256: bd63d7773b7bb2730d20e9772d51cd75bf348f0a0166c4751d7049afad780aff python3-libs-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: 0ff69b7b382a9f714db88928dcf13cca9ac2ed53cff38c0ed269edfa6a035131 python3-tkinter-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: adb916a494a312fd8f183fc7c8d7c7a845d0da958927e3ad8a3af27705de616d python3.9-debuginfo-3.9.16-1.el9_2.14.i686.rpm SHA-256: d1f08ead03e9bae7f04649551cfa84f8fcd0c59a424eb7a62713a5c0f99656c0 python3.9-debuginfo-3.9.16-1.el9_2.14.i686.rpm SHA-256: d1f08ead03e9bae7f04649551cfa84f8fcd0c59a424eb7a62713a5c0f99656c0 python3.9-debuginfo-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: ff3bb0060d20b14db7a66686deef738d303b6af78c1bd8b01a9db8c9493075cb python3.9-debuginfo-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: ff3bb0060d20b14db7a66686deef738d303b6af78c1bd8b01a9db8c9493075cb python3.9-debugsource-3.9.16-1.el9_2.14.i686.rpm SHA-256: 0789439323987538a6d385190611af6dc49a8169a8f8a715e216c4e20dd741b2 python3.9-debugsource-3.9.16-1.el9_2.14.i686.rpm SHA-256: 0789439323987538a6d385190611af6dc49a8169a8f8a715e216c4e20dd741b2 python3.9-debugsource-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: dd3c680bd7f32b81ece95e38276d9817a7ffbc213cfa93159127262cf20c9225 python3.9-debugsource-3.9.16-1.el9_2.14.x86_64.rpm SHA-256: dd3c680bd7f32b81ece95e38276d9817a7ffbc213cfa93159127262cf20c9225 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM python3.9-3.9.16-1.el9_2.14.src.rpm SHA-256: 8ff8a7c6a8790c9a41c0d9150f6b7b81409b77e91ff238776b6995aca6622835 aarch64 python-unversioned-command-3.9.16-1.el9_2.14.noarch.rpm SHA-256: 7dcd8101a4a18073e9dd7b0ff4648071ac4b4dac44d56928302b82318a36d3f8 python3-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: e28a101062d99322cbd661b3d901b59c9467dad0e84ed725e8e1c6c889bd59b4 python3-devel-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: 8a42a9677a7f239dbd1fd7d8f9b279843a6c185d15ab6da672270197ea92d6bc python3-libs-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: 18a6603cfa054d886afd83bc72872912aca2b8bedb26fa5e5d219f805b3a8464 python3-tkinter-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: 3eac2aa96934e7858a183f333175f6dfedcb6b704687e7427ee7e194e1efb274 python3.9-debuginfo-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: cb652d525cec5c2a971afee5400ecc0a1a1d9ac93d29f566cdc29c6ccc4f72d9 python3.9-debuginfo-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: cb652d525cec5c2a971afee5400ecc0a1a1d9ac93d29f566cdc29c6ccc4f72d9 python3.9-debugsource-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: 0839488a3d7e1583ed7d946ba9f09ca8b4f22409323527c2e8742aa6bb517321 python3.9-debugsource-3.9.16-1.el9_2.14.aarch64.rpm SHA-256: 0839488a3d7e1583ed7d946ba9f09ca8b4f22409323527c2e8742aa6bb517321 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM python3.9-3.9.16-1.el9_2.14.src.rpm SHA-256: 8ff8a7c6a8790c9a41c0d9150f6b7b81409b77e91ff238776b6995aca6622835 s390x python-unversioned-command-3.9.16-1.el9_2.14.noarch.rpm SHA-256: 7dcd8101a4a18073e9dd7b0ff4648071ac4b4dac44d56928302b82318a36d3f8 python3-3.9.16-1.el9_2.14.s390x.rpm SHA-256: 5a8fefe124c7e1dd31f22cdef7b43108aa6774789d03b9e455a99d1962ac9c32 python3-devel-3.9.16-1.el9_2.14.s390x.rpm SHA-256: 25a8a50661c3abb8d7e326061d0a6a83ee544ecbe3465f82c521209a1c6a7df2 python3-libs-3.9.16-1.el9_2.14.s390x.rpm SHA-256: ac5a1c0c46470d2138abdc0ae7df09