Red Hat Product Errata RHSA-2026:19576 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19576 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM python3.9-3.9.21-2.el9_6.6.src.rpm SHA-256: cc6144d18435aa1430e71d40bfed83cb75ffede9d91ee6588db6443964e339e9 x86_64 python-unversioned-command-3.9.21-2.el9_6.6.noarch.rpm SHA-256: c662b1ec0e0ef79e19a58b1338cf23b357aafac059db78b23401bf52caeea4ba python3-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 49d043523791d446f8928d76095d5e583c3d01c33c44f1298e6423f8181a201d python3-devel-3.9.21-2.el9_6.6.i686.rpm SHA-256: a8e9f4339c5a2646a75310b86eab8dc6f2c558637b20a3b507415c34dd07e9f1 python3-devel-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: d460ccf0e662f7b46944c0ea4451d18a23cc40f4dc6c93bcecfb665b76f0b1c1 python3-libs-3.9.21-2.el9_6.6.i686.rpm SHA-256: 019e2a8795ec415ceb6285f8edd3c7acb5b663b057c188b3938eff3d9dfa5036 python3-libs-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: e44f834e341053b4cef04afa81b75e8e51a4af955c5f6db781cc02e10f08718e python3-tkinter-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 733063dfd020de03b297aa9f451edcef20380b5bfbb864c39f7fc7e88e78f77f python3.9-debuginfo-3.9.21-2.el9_6.6.i686.rpm SHA-256: a89b7faa6a1b9bd785f9c1c4776548f1749ba79d97dcc8441ecf6d9b820d7277 python3.9-debuginfo-3.9.21-2.el9_6.6.i686.rpm SHA-256: a89b7faa6a1b9bd785f9c1c4776548f1749ba79d97dcc8441ecf6d9b820d7277 python3.9-debuginfo-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 8eabb89591f59c2a7050038416a776f774e1aa36ab85b91fa12576ddb666f3e1 python3.9-debuginfo-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 8eabb89591f59c2a7050038416a776f774e1aa36ab85b91fa12576ddb666f3e1 python3.9-debugsource-3.9.21-2.el9_6.6.i686.rpm SHA-256: 73647628e20046206f60d99cb319e69162cfe0376ce4aee09e71dee5ae59d084 python3.9-debugsource-3.9.21-2.el9_6.6.i686.rpm SHA-256: 73647628e20046206f60d99cb319e69162cfe0376ce4aee09e71dee5ae59d084 python3.9-debugsource-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: b504fa618dc88c730a0956965d160ac5067057aabdd271812f4ff54568a7223c python3.9-debugsource-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: b504fa618dc88c730a0956965d160ac5067057aabdd271812f4ff54568a7223c Red Hat Enterprise Linux Server - AUS 9.6 SRPM python3.9-3.9.21-2.el9_6.6.src.rpm SHA-256: cc6144d18435aa1430e71d40bfed83cb75ffede9d91ee6588db6443964e339e9 x86_64 python-unversioned-command-3.9.21-2.el9_6.6.noarch.rpm SHA-256: c662b1ec0e0ef79e19a58b1338cf23b357aafac059db78b23401bf52caeea4ba python3-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 49d043523791d446f8928d76095d5e583c3d01c33c44f1298e6423f8181a201d python3-devel-3.9.21-2.el9_6.6.i686.rpm SHA-256: a8e9f4339c5a2646a75310b86eab8dc6f2c558637b20a3b507415c34dd07e9f1 python3-devel-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: d460ccf0e662f7b46944c0ea4451d18a23cc40f4dc6c93bcecfb665b76f0b1c1 python3-libs-3.9.21-2.el9_6.6.i686.rpm SHA-256: 019e2a8795ec415ceb6285f8edd3c7acb5b663b057c188b3938eff3d9dfa5036 python3-libs-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: e44f834e341053b4cef04afa81b75e8e51a4af955c5f6db781cc02e10f08718e python3-tkinter-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 733063dfd020de03b297aa9f451edcef20380b5bfbb864c39f7fc7e88e78f77f python3.9-debuginfo-3.9.21-2.el9_6.6.i686.rpm SHA-256: a89b7faa6a1b9bd785f9c1c4776548f1749ba79d97dcc8441ecf6d9b820d7277 python3.9-debuginfo-3.9.21-2.el9_6.6.i686.rpm SHA-256: a89b7faa6a1b9bd785f9c1c4776548f1749ba79d97dcc8441ecf6d9b820d7277 python3.9-debuginfo-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 8eabb89591f59c2a7050038416a776f774e1aa36ab85b91fa12576ddb666f3e1 python3.9-debuginfo-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: 8eabb89591f59c2a7050038416a776f774e1aa36ab85b91fa12576ddb666f3e1 python3.9-debugsource-3.9.21-2.el9_6.6.i686.rpm SHA-256: 73647628e20046206f60d99cb319e69162cfe0376ce4aee09e71dee5ae59d084 python3.9-debugsource-3.9.21-2.el9_6.6.i686.rpm SHA-256: 73647628e20046206f60d99cb319e69162cfe0376ce4aee09e71dee5ae59d084 python3.9-debugsource-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: b504fa618dc88c730a0956965d160ac5067057aabdd271812f4ff54568a7223c python3.9-debugsource-3.9.21-2.el9_6.6.x86_64.rpm SHA-256: b504fa618dc88c730a0956965d160ac5067057aabdd271812f4ff54568a7223c Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM python3.9-3.9.21-2.el9_6.6.src.rpm SHA-256: cc6144d18435aa1430e71d40bfed83cb75ffede9d91ee6588db6443964e339e9 s390x python-unversioned-command-3.9.21-2.el9_6.6.noarch.rpm SHA-256: c662b1ec0e0ef79e19a58b1338cf23b357aafac059db78b23401bf52caeea4ba python3-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 23ddebe81925d02f8e0b597406b6e283d8050f2f9b49477dc9c6d891a20260c2 python3-devel-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 79d564610508efd6b62029b1139b49ce6881e128d167924d81db20c9f562dbf2 python3-libs-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 8cd4d425a9b7c97b8c77dcb55bf45b2dbc1c684612583dcf7b24a7c33518829c python3-tkinter-3.9.21-2.el9_6.6.s390x.rpm SHA-256: f1f01f623f39f494149cc50905f1a4dea73d8eec78dd33491a06ad20179b1e86 python3.9-debuginfo-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 83f06c8bcc50123c7ff9abec58234ca28aba9459035d6176b4ab2886185782d7 python3.9-debuginfo-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 83f06c8bcc50123c7ff9abec58234ca28aba9459035d6176b4ab2886185782d7 python3.9-debugsource-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 0a4eb76f790bc3bfc492cf0b37f34ed668461592d2c37bd244eaf1a84efc9c88 python3.9-debugsource-3.9.21-2.el9_6.6.s390x.rpm SHA-256: 0a4eb76f790bc3bfc492cf0b37f34ed668461592d2c37bd244eaf1a84efc9c88 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM python3.9-3.9.21-2.el9_6.6.src.rpm SHA-256: cc6144d18435aa1430e71d40bfed83cb75ffede9d91ee6588db6443964e339e9 ppc64le python-unversioned-command-3.9.21-2.el9_6.6.noarch.rpm SHA-256: c662b1ec0e0ef79e19a58b1338cf23b357aafac059db78b23401bf52caeea4ba python3-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: c151bf35f794549930f1d6206e9bd93a5d592af77861ca8592ef3e485b4f3313 python3-devel-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: b18b6fc240caaab1e99afbe835a92e417198ea30272da1de9f4ff166dc806ecd python3-libs-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: 498238cf72ebcf957d841a9acfa2fcebfba19fab93a9db6e849935a13e91a2ea python3-tkinter-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: c6d4fe92b4e1e4061e3b523510064fa14d71cbc3622d227442822e02a2de1ff2 python3.9-debuginfo-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: 3a43ff71f8b089eac546b004eb263586bafaa6849df54da1494661bcd44fd925 python3.9-debuginfo-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: 3a43ff71f8b089eac546b004eb263586bafaa6849df54da1494661bcd44fd925 python3.9-debugsource-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: 541052770f7e5987edeb2214329164bf3717b74622599a0fadd2b0a1a6fab7e2 python3.9-debugsource-3.9.21-2.el9_6.6.ppc64le.rpm SHA-256: 541052770f7e5987edeb2214329164bf3717b74622599a0fadd2b0a1a6fab7e2 Red Hat Enterprise Linux for ARM 64 - Extended Updat