Bug 2458049 (CVE-2026-4786) - CVE-2026-4786 python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
Status: NEW
Alias: CVE-2026-4786
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2458216 2458217 2458218 2458220 2458223 2458225 2458219 2458221 2458222 2458224 2458226 2458227
Reported: 2026-04-13 22:02 UTC by OSIDB Bzimport
Modified: 2026-05-14 14:50 UTC (History)

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:11277 0 None None None 2026-04-28 01:29:36 UTC
Red Hat Product Errata RHBA-2026:11357 0 None None None 2026-04-28 13:10:11 UTC
Red Hat Product Errata RHBA-2026:11717 0 None None None 2026-04-29 13:00:49 UTC
Red Hat Product Errata RHBA-2026:12342 0 None None None 2026-04-30 14:34:57 UTC
Red Hat Product Errata RHBA-2026:12484 0 None None None 2026-04-30 19:05:53 UTC
Red Hat Product Errata RHBA-2026:13621 0 None None None 2026-05-05 10:44:15 UTC
Red Hat Product Errata RHSA-2026:10711 0 None None None 2026-04-27 01:55:28 UTC
Red Hat Product Errata RHSA-2026:10745 0 None None None 2026-04-27 09:38:53 UTC
Red Hat Product Errata RHSA-2026:10774 0 None None None 2026-04-27 12:31:44 UTC
Red Hat Product Errata RHSA-2026:10949 0 None None None 2026-04-27 14:42:58 UTC
Red Hat Product Errata RHSA-2026:10950 0 None None None 2026-04-27 14:54:52 UTC
Red Hat Product Errata RHSA-2026:11062 0 None None None 2026-04-27 20:58:02 UTC
Red Hat Product Errata RHSA-2026:11077 0 None None None 2026-04-27 21:11:01 UTC
Red Hat Product Errata RHSA-2026:13692 0 None None None 2026-05-05 11:12:56 UTC
Red Hat Product Errata RHSA-2026:13812 0 None None None 2026-05-05 17:49:55 UTC
Red Hat Product Errata RHSA-2026:14652 0 None None None 2026-05-07 04:45:37 UTC
Red Hat Product Errata RHSA-2026:14653 0 None None None 2026-05-07 04:42:03 UTC
Red Hat Product Errata RHSA-2026:14656 0 None None None 2026-05-07 05:15:44 UTC
Red Hat Product Errata RHSA-2026:16699 0 None None None 2026-05-13 01:56:55 UTC
Red Hat Product Errata RHSA-2026:17525 0 None None None 2026-05-14 11:03:09 UTC
Red Hat Product Errata RHSA-2026:17619 0 None None None 2026-05-14 14:50:15 UTC

Description OSIDB Bzimport 2026-04-13 22:02:01 UTC
Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Comment 8 errata-xmlrpc 2026-04-27 01:55:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:10711 https://access.redhat.com/errata/RHSA-2026:10711

Comment 9 errata-xmlrpc 2026-04-27 09:38:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10745 https://access.redhat.com/errata/RHSA-2026:10745

Comment 10 errata-xmlrpc 2026-04-27 12:31:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10774 https://access.redhat.com/errata/RHSA-2026:10774

Comment 11 errata-xmlrpc 2026-04-27 14:42:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:10949 https://access.redhat.com/errata/RHSA-2026:10949

Comment 12 errata-xmlrpc 2026-04-27 14:54:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950

Comment 13 errata-xmlrpc 2026-04-27 20:57:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11062 https://access.redhat.com/errata/RHSA-2026:11062

Comment 14 errata-xmlrpc 2026-04-27 21:11:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:11077 https://access.redhat.com/errata/RHSA-2026:11077

Comment 18 errata-xmlrpc 2026-05-05 11:12:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:13692 https://access.redhat.com/errata/RHSA-2026:13692

Comment 19 errata-xmlrpc 2026-05-05 17:49:54 UTC
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812

Comment 20 errata-xmlrpc 2026-05-07 04:42:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:14653 https://access.redhat.com/errata/RHSA-2026:14653

Comment 21 errata-xmlrpc 2026-05-07 04:45:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:14652 https://access.redhat.com/errata/RHSA-2026:14652

Comment 22 errata-xmlrpc 2026-05-07 05:15:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:14656 https://access.redhat.com/errata/RHSA-2026:14656

Comment 25 errata-xmlrpc 2026-05-13 01:56:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:16699 https://access.redhat.com/errata/RHSA-2026:16699

Comment 26 errata-xmlrpc 2026-05-14 11:03:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:17525 https://access.redhat.com/errata/RHSA-2026:17525

Comment 27 errata-xmlrpc 2026-05-14 14:50:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:17619 https://access.redhat.com/errata/RHSA-2026:17619

