Red Hat Product Errata RHSA-2026:19571 - Security Advisory Issued: 2026-05-20 Updated: 2026-05-20 RHSA-2026:19571 - Security Advisory Overview Updated Packages Synopsis Important: python3.9 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for python3.9 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100) python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x Fixes BZ - 2457932 - CVE-2026-6100 python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules BZ - 2458049 - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API CVEs CVE-2026-4786 CVE-2026-6100 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 SRPM python3.9-3.9.10-4.el9_0.11.src.rpm SHA-256: c4cf9fa7ef32db66e2f7908a7744f73ad7d4772abc0516739074ce57d21a4f94 ppc64le python-unversioned-command-3.9.10-4.el9_0.11.noarch.rpm SHA-256: f7f85762f8d9c659dd57a92e6399ef47368a486c9006b262c03255158a554b16 python3-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 4415e139009b062cbb5b66a5aca1627c0ba76b3070d7aac2fff17eaef7bb0adc python3-devel-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 4134cee404a0c1e06ea61efd059dd6ff6df4c15e6ac08b1f8e860e53bd397416 python3-libs-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 5f3ed5c69c68648fd24e1a71a12b6958a960d6c048835e2fb0b32ba86582f9cc python3-tkinter-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: a1b5184a2e0efd4eb447cec96b48bf20c8abe6013e841c460629c3fb5442f571 python3.9-debuginfo-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 80ad40bd3634160f4b3c6142274592694c86ecd71b6266ae2010eab60d348524 python3.9-debuginfo-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 80ad40bd3634160f4b3c6142274592694c86ecd71b6266ae2010eab60d348524 python3.9-debugsource-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 7917ccc96fce84c610fd3752bc3a4e0b45c6ea232506d0adbf8b5f96cfedeaac python3.9-debugsource-3.9.10-4.el9_0.11.ppc64le.rpm SHA-256: 7917ccc96fce84c610fd3752bc3a4e0b45c6ea232506d0adbf8b5f96cfedeaac Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 SRPM python3.9-3.9.10-4.el9_0.11.src.rpm SHA-256: c4cf9fa7ef32db66e2f7908a7744f73ad7d4772abc0516739074ce57d21a4f94 x86_64 python-unversioned-command-3.9.10-4.el9_0.11.noarch.rpm SHA-256: f7f85762f8d9c659dd57a92e6399ef47368a486c9006b262c03255158a554b16 python3-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: 7ec2e6b39e0cf52e793ad6e731de24bc0043975dfaf8706775d7604aef58ace4 python3-devel-3.9.10-4.el9_0.11.i686.rpm SHA-256: 9ba92e360e189ee47330e528d65b12345d9398564997e1acc09f4f232a2b4753 python3-devel-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: c4fb90983a08062f0f6058ac060124bba37e4c1eefaec99655e1ad0bf685f4bd python3-libs-3.9.10-4.el9_0.11.i686.rpm SHA-256: 6d6b601c19f1289249c9ba3350a9b40318f41906e01a9dff55825304713f9fdc python3-libs-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: 0b9b4fb03627db990e55582132887e7139e33c47df3c4b43897d0803b368e04a python3-tkinter-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: 873e5bf133070b2c9aa344b580c72e82f53e42983b2856c99696f848dfbc6b28 python3.9-debuginfo-3.9.10-4.el9_0.11.i686.rpm SHA-256: 45ede8811a8deb77d8cbe95ff9091b2d398bcc82e240029703899a578e22ee48 python3.9-debuginfo-3.9.10-4.el9_0.11.i686.rpm SHA-256: 45ede8811a8deb77d8cbe95ff9091b2d398bcc82e240029703899a578e22ee48 python3.9-debuginfo-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: 28db16844bc532916cad22f7ca8f804a7b0fe6fc74861fe676e23d1a542e7407 python3.9-debuginfo-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: 28db16844bc532916cad22f7ca8f804a7b0fe6fc74861fe676e23d1a542e7407 python3.9-debugsource-3.9.10-4.el9_0.11.i686.rpm SHA-256: 379e7145f35c740598f2ef24a9c8bd13f450f3049fed1cd4e9fd6b34779305d4 python3.9-debugsource-3.9.10-4.el9_0.11.i686.rpm SHA-256: 379e7145f35c740598f2ef24a9c8bd13f450f3049fed1cd4e9fd6b34779305d4 python3.9-debugsource-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: a93501727c87b00a474aee020c1d24fbb02bf3cb29fddea6bf005a014753446f python3.9-debugsource-3.9.10-4.el9_0.11.x86_64.rpm SHA-256: a93501727c87b00a474aee020c1d24fbb02bf3cb29fddea6bf005a014753446f Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 SRPM python3.9-3.9.10-4.el9_0.11.src.rpm SHA-256: c4cf9fa7ef32db66e2f7908a7744f73ad7d4772abc0516739074ce57d21a4f94 aarch64 python-unversioned-command-3.9.10-4.el9_0.11.noarch.rpm SHA-256: f7f85762f8d9c659dd57a92e6399ef47368a486c9006b262c03255158a554b16 python3-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: 695949f9c789082d6ba4c440bc581eb86892eeae1285bca10cb3422c406bb5c1 python3-devel-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: 57441b48de87c0246fbf530a320ce0dbb1a293dd69d210a590f4a105fee5f3c6 python3-libs-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: 0502f598a09bc75677e7e653103fb1f9d91a9006be9966086090e955c0738979 python3-tkinter-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: 95612b5786195142337abe090d06e42672c490544cce0aff20a75d39e9631bd1 python3.9-debuginfo-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: dd1468cc9f5465463cdaa67cb02f0656f4f6e789a73e06b325b613f42eb39ecd python3.9-debuginfo-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: dd1468cc9f5465463cdaa67cb02f0656f4f6e789a73e06b325b613f42eb39ecd python3.9-debugsource-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: e8928be2d6c6de5b86a510d2a6be1531f57eb5cc4e68acfadf5a2e64c58602a9 python3.9-debugsource-3.9.10-4.el9_0.11.aarch64.rpm SHA-256: e8928be2d6c6de5b86a510d2a6be1531f57eb5cc4e68acfadf5a2e64c58602a9 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 SRPM python3.9-3.9.10-4.el9_0.11.src.rpm SHA-256: c4cf9fa7ef32db66e2f7908a7744f73ad7d4772abc0516739074ce57d21a4f94 s390x python-unversioned-command-3.9.10-4.el9_0.11.noarch.rpm SHA-256: f7f85762f8d9c659dd57a92e6399ef47368a486c9006b262c03255158a554b16 python3-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 525681c530b7af374edc62324e4cc61402b8a8aebe108ba3c50b06650ad719a2 python3-devel-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 3617dfa9b5b5a6c0db28b0e3e872305da95b0b8871a39b7a62df2bbce56c114b python3-libs-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 3765a3df28abff94e1092600bba48c79f1bd36354609afc4f14e44f28620c752 python3-tkinter-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 6dd158baba3120e59a5c91354f26620241237302df2e500a80938b70ca1f20b8 python3.9-debuginfo-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 946df0a1d63e2f3f049d46ec5f63093b5595cd9f25fcaccbee49c872b8489203 python3.9-debuginfo-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 946df0a1d63e2f3f049d46ec5f63093b5595cd9f25fcaccbee49c872b8489203 python3.9-debugsource-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 19542880b1e9b8aaa23671a269a3abc7fc1a13a35b9a87ebb4fc501a9f7c73dc python3.9-debugsource-3.9.10-4.el9_0.11.s390x.rpm SHA-256: 19542880b1e9b8aaa23671a269a3abc7fc1a13a35b9a87ebb4fc501a9f7c73dc The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .