Description

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

INFO

Published Date :

2026-04-13T21:52:19.036Z

Last Modified :

2026-04-14T14:30:19.762Z

Source :

PSF
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4786 vulnerability.

Vendors Products
Python
  • Cpython
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4786.

URL Resource
https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca cve-icon cve-icon
https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff cve-icon cve-icon
https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769 cve-icon cve-icon
https://github.com/python/cpython/issues/148169 cve-icon cve-icon cve-icon
https://github.com/python/cpython/pull/148170 cve-icon cve-icon cve-icon
https://mail.python.org/archives/list/[email protected]/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-4786 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-4786 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact