Red Hat Product Errata RHSA-2026:19590 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19590 - Security Advisory Overview Updated Packages Synopsis Important: python3 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64 Red Hat Enterprise Linux Server - AUS 8.4 x86_64 Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 SRPM python3-3.6.8-39.el8_4.11.src.rpm SHA-256: 61b7ca5ace417b13914d4b422a695f7e9c364d94bacc8bb103a6058ea68d04b0 x86_64 platform-python-3.6.8-39.el8_4.11.i686.rpm SHA-256: 8955e51d953d30b53419dc53b3182f26cffbe063ca5382319914e64073b25301 platform-python-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 4b3e191ecfc9760e68a7f9b9923ffd741818cfe711b6f7eed3389be716d68f62 platform-python-debug-3.6.8-39.el8_4.11.i686.rpm SHA-256: d69842a268c80134499a3a4beaff9eee78d82f187d55276f0082f19e54999456 platform-python-debug-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: be605808eaf49d190af7f6df1111d29f0c90463b371239bf0a751bf41c89aacd platform-python-devel-3.6.8-39.el8_4.11.i686.rpm SHA-256: ffabf2768f7a648879ecb8246dc500846203a4fb6de47f08312301cf69c80600 platform-python-devel-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 349c41ecaaac315c74d1a82050ee5ca75fe16a3568bbe44fb92ce872fabf87b0 python3-debuginfo-3.6.8-39.el8_4.11.i686.rpm SHA-256: e0ae916c9b7f31e653a697a2d3435aa60ca8c676490bb5513c03a219cd9bc628 python3-debuginfo-3.6.8-39.el8_4.11.i686.rpm SHA-256: e0ae916c9b7f31e653a697a2d3435aa60ca8c676490bb5513c03a219cd9bc628 python3-debuginfo-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 1f59f55bdbd4ca08c7af24b44e909dbf05b9c36d169996bb6e3ccf5d01fd0590 python3-debuginfo-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 1f59f55bdbd4ca08c7af24b44e909dbf05b9c36d169996bb6e3ccf5d01fd0590 python3-debugsource-3.6.8-39.el8_4.11.i686.rpm SHA-256: faed02e7ad68ac017e08a3c23a624d648dcff39d63101d87881535d1460f9689 python3-debugsource-3.6.8-39.el8_4.11.i686.rpm SHA-256: faed02e7ad68ac017e08a3c23a624d648dcff39d63101d87881535d1460f9689 python3-debugsource-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: eab8e42880720fd31d5044f72a654f976d9b93ec10c11ace62fb6f158cbfd686 python3-debugsource-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: eab8e42880720fd31d5044f72a654f976d9b93ec10c11ace62fb6f158cbfd686 python3-idle-3.6.8-39.el8_4.11.i686.rpm SHA-256: 48a65941b3898ad0e413728ddef635677cf60e8a3871b5a1ba3ef230389fa658 python3-idle-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 831ae366cce5f66fdae7ad5c862d0438e9fa2a6e8f549ebb7fc0897da89bb62a python3-libs-3.6.8-39.el8_4.11.i686.rpm SHA-256: 572bcb570bac455acf250fc474fc1d524aab9112f60f9c14f3572d17c182f4f9 python3-libs-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 49d866758c1a5bf583af196adf56bddeffe02746b31b8ea343457427f6ac5b24 python3-test-3.6.8-39.el8_4.11.i686.rpm SHA-256: b97303ab64206cb9f58ac33e0359baaedf43b8fe84f96859c7bebf634e085d4d python3-test-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: aab7e88473bb1e062e893c9a4465105f568feda1e80eb0441b4e8f4793129c43 python3-tkinter-3.6.8-39.el8_4.11.i686.rpm SHA-256: 3110e4c0080d80d0c112eb72a57f03d27ab5e3b1b79ab3ba478dea43db903b75 python3-tkinter-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 18dd15a834e49b9fdca93d2f2f299a0142984801c260224213b5c4f75238f164 Red Hat Enterprise Linux Server - AUS 8.4 SRPM python3-3.6.8-39.el8_4.11.src.rpm SHA-256: 61b7ca5ace417b13914d4b422a695f7e9c364d94bacc8bb103a6058ea68d04b0 x86_64 platform-python-3.6.8-39.el8_4.11.i686.rpm SHA-256: 8955e51d953d30b53419dc53b3182f26cffbe063ca5382319914e64073b25301 platform-python-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 4b3e191ecfc9760e68a7f9b9923ffd741818cfe711b6f7eed3389be716d68f62 platform-python-debug-3.6.8-39.el8_4.11.i686.rpm SHA-256: d69842a268c80134499a3a4beaff9eee78d82f187d55276f0082f19e54999456 platform-python-debug-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: be605808eaf49d190af7f6df1111d29f0c90463b371239bf0a751bf41c89aacd platform-python-devel-3.6.8-39.el8_4.11.i686.rpm SHA-256: ffabf2768f7a648879ecb8246dc500846203a4fb6de47f08312301cf69c80600 platform-python-devel-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 349c41ecaaac315c74d1a82050ee5ca75fe16a3568bbe44fb92ce872fabf87b0 python3-debuginfo-3.6.8-39.el8_4.11.i686.rpm SHA-256: e0ae916c9b7f31e653a697a2d3435aa60ca8c676490bb5513c03a219cd9bc628 python3-debuginfo-3.6.8-39.el8_4.11.i686.rpm SHA-256: e0ae916c9b7f31e653a697a2d3435aa60ca8c676490bb5513c03a219cd9bc628 python3-debuginfo-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 1f59f55bdbd4ca08c7af24b44e909dbf05b9c36d169996bb6e3ccf5d01fd0590 python3-debuginfo-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 1f59f55bdbd4ca08c7af24b44e909dbf05b9c36d169996bb6e3ccf5d01fd0590 python3-debugsource-3.6.8-39.el8_4.11.i686.rpm SHA-256: faed02e7ad68ac017e08a3c23a624d648dcff39d63101d87881535d1460f9689 python3-debugsource-3.6.8-39.el8_4.11.i686.rpm SHA-256: faed02e7ad68ac017e08a3c23a624d648dcff39d63101d87881535d1460f9689 python3-debugsource-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: eab8e42880720fd31d5044f72a654f976d9b93ec10c11ace62fb6f158cbfd686 python3-debugsource-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: eab8e42880720fd31d5044f72a654f976d9b93ec10c11ace62fb6f158cbfd686 python3-idle-3.6.8-39.el8_4.11.i686.rpm SHA-256: 48a65941b3898ad0e413728ddef635677cf60e8a3871b5a1ba3ef230389fa658 python3-idle-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 831ae366cce5f66fdae7ad5c862d0438e9fa2a6e8f549ebb7fc0897da89bb62a python3-libs-3.6.8-39.el8_4.11.i686.rpm SHA-256: 572bcb570bac455acf250fc474fc1d524aab9112f60f9c14f3572d17c182f4f9 python3-libs-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 49d866758c1a5bf583af196adf56bddeffe02746b31b8ea343457427f6ac5b24 python3-test-3.6.8-39.el8_4.11.i686.rpm SHA-256: b97303ab64206cb9f58ac33e0359baaedf43b8fe84f96859c7bebf634e085d4d python3-test-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: aab7e88473bb1e062e893c9a4465105f568feda1e80eb0441b4e8f4793129c43 python3-tkinter-3.6.8-39.el8_4.11.i686.rpm SHA-256: 3110e4c0080d80d0c112eb72a57f03d27ab5e3b1b79ab3ba478dea43db903b75 python3-tkinter-3.6.8-39.el8_4.11.x86_64.rpm SHA-256: 18dd15a834e49b9fdca93d2f2f299a0142984801c260224213b5c4f75238f164 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .