CVE-2026-4519
webbrowser.open() allows leading dashes in URLs
Description
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
INFO
Published Date :
March 20, 2026, 3:16 p.m.
Last Modified :
June 30, 2026, 3:20 a.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2026-4519
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||||
| CVSS 3.1 | LOW | [email protected] | ||||
| CVSS 3.1 | HIGH | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | ||||
| CVSS 4.0 | MEDIUM | 28c92f92-d60d-412d-b760-e73465c3df22 | ||||
| CVSS 4.0 | MEDIUM | [email protected] | ||||
| CVSS 4.0 | HIGH | [email protected] |
Solution
- Sanitize input URLs before calling webbrowser.open().
- Update to a version that properly handles leading dashes.
- Avoid passing URLs with leading dashes.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-4519.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-4519 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-4519
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-4519 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-4519 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Jun. 30, 2026
Action Type Old Value New Value Added Affected [{'cpes': ['cpe:/o:redhat:rhel_els:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_els:6'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_els:7'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux Server Optional (v. 7 ELS)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhosemc:1.0::el8'], 'vendor': 'Red Hat', 'product': 'Middleware Containers for OpenShift', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus_long_life:8.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_aus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_tus:8.8::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.0::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_e4s:9.2::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::appstream'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AppStream (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v. 8.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus_long_life:8.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_aus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS AUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_tus:8.8::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS TUS (v.8.8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.0::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_e4s:9.2::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS E4S (v.9.2)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.4::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:rhel_eus:9.6::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:9::baseos'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux BaseOS (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux_eus:10.0'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:10.1', 'cpe:/o:redhat:enterprise_linux:10.2'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:8::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CRB (v. 8)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.4::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.4)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhel_eus:9.6::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat CodeReady Linux Builder EUS (v.9.6)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux:9::crb'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.2::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:ai_inference_server:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat AI Inference Server 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:discovery:2::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Discovery 2', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:enterprise_linux_ai:3.3::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux AI 3.3', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:hummingbird:1'], 'vendor': 'Red Hat', 'product': 'Red Hat Hardened Images', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/a:redhat:rhui:5::el9'], 'vendor': 'Red Hat', 'product': 'Red Hat Update Infrastructure 5', 'defaultStatus': 'affected'}, {'cpes': ['cpe:/o:redhat:enterprise_linux:8'], 'vendor': 'Red Hat', 'product': 'Red Hat Enterprise Linux 8', 'defaultStatus': 'unaffected'}] Added CVSS V3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L Added CWE CWE-88 Added Reference https://access.redhat.com/errata/RHSA-2026:10065 Added Reference https://access.redhat.com/errata/RHSA-2026:10101 Added Reference https://access.redhat.com/errata/RHSA-2026:10102 Added Reference https://access.redhat.com/errata/RHSA-2026:10111 Added Reference https://access.redhat.com/errata/RHSA-2026:10140 Added Reference https://access.redhat.com/errata/RHSA-2026:10141 Added Reference https://access.redhat.com/errata/RHSA-2026:13812 Added Reference https://access.redhat.com/errata/RHSA-2026:16008 Added Reference https://access.redhat.com/errata/RHSA-2026:16009 Added Reference https://access.redhat.com/errata/RHSA-2026:16030 Added Reference https://access.redhat.com/errata/RHSA-2026:16174 Added Reference https://access.redhat.com/errata/RHSA-2026:19019 Added Reference https://access.redhat.com/errata/RHSA-2026:19064 Added Reference https://access.redhat.com/errata/RHSA-2026:19175 Added Reference https://access.redhat.com/errata/RHSA-2026:19176 Added Reference https://access.redhat.com/errata/RHSA-2026:19177 Added Reference https://access.redhat.com/errata/RHSA-2026:19216 Added Reference https://access.redhat.com/errata/RHSA-2026:19724 Added Reference https://access.redhat.com/errata/RHSA-2026:19725 Added Reference https://access.redhat.com/errata/RHSA-2026:21275 Added Reference https://access.redhat.com/errata/RHSA-2026:25096 Added Reference https://access.redhat.com/errata/RHSA-2026:6016 Added Reference https://access.redhat.com/errata/RHSA-2026:6035 Added Reference https://access.redhat.com/errata/RHSA-2026:6256 Added Reference https://access.redhat.com/errata/RHSA-2026:6281 Added Reference https://access.redhat.com/errata/RHSA-2026:6283 Added Reference https://access.redhat.com/errata/RHSA-2026:6285 Added Reference https://access.redhat.com/errata/RHSA-2026:6286 Added Reference https://access.redhat.com/errata/RHSA-2026:6473 Added Reference https://access.redhat.com/errata/RHSA-2026:6766 Added Reference https://access.redhat.com/errata/RHSA-2026:7010 Added Reference https://access.redhat.com/errata/RHSA-2026:7244 Added Reference https://access.redhat.com/errata/RHSA-2026:7329 Added Reference https://access.redhat.com/errata/RHSA-2026:7335 Added Reference https://access.redhat.com/errata/RHSA-2026:7443 Added Reference https://access.redhat.com/errata/RHSA-2026:7661 Added Reference https://access.redhat.com/errata/RHSA-2026:8746 Added Reference https://access.redhat.com/errata/RHSA-2026:8747 Added Reference https://access.redhat.com/errata/RHSA-2026:8748 Added Reference https://access.redhat.com/errata/RHSA-2026:9042 Added Reference https://access.redhat.com/errata/RHSA-2026:9260 Added Reference https://access.redhat.com/errata/RHSA-2026:9261 Added Reference https://access.redhat.com/errata/RHSA-2026:9262 Added Reference https://access.redhat.com/errata/RHSA-2026:9289 Added Reference https://access.redhat.com/errata/RHSA-2026:9354 Added Reference https://access.redhat.com/errata/RHSA-2026:9386 Added Reference https://access.redhat.com/errata/RHSA-2026:9387 Added Reference https://access.redhat.com/errata/RHSA-2026:9591 Added Reference https://access.redhat.com/errata/RHSA-2026:9614 Added Reference https://access.redhat.com/errata/RHSA-2026:9621 Added Reference https://access.redhat.com/errata/RHSA-2026:9705 Added Reference https://access.redhat.com/errata/RHSA-2026:9745 Added Reference https://access.redhat.com/security/cve/CVE-2026-4519 Added Reference https://bugzilla.redhat.com/show_bug.cgi?id=2449649 Added Reference https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4519.json -
CVE Modified by [email protected]
Jun. 17, 2026
Action Type Old Value New Value Added Affected [{'repo': 'https://github.com/python/cpython', 'vendor': 'Python Software Foundation', 'modules': ['webbrowser'], 'product': 'CPython', 'versions': [{'status': 'affected', 'version': '0', 'lessThan': '3.13.13', 'versionType': 'python'}, {'status': 'affected', 'version': '3.14.0', 'lessThan': '3.14.4', 'versionType': 'python'}, {'status': 'affected', 'version': '3.15.0a1', 'lessThan': '3.15.0a8', 'versionType': 'python'}], 'defaultStatus': 'unaffected'}] -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Jun. 17, 2026
Action Type Old Value New Value Added SSVC {'id': 'CVE-2026-4519', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-03-25T14:30:47.809505Z'} -
Initial Analysis by [email protected]
Apr. 16, 2026
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Added CPE Configuration OR *cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:* *cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:* *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions up to (excluding) 3.13.13 *cpe:2.3:a:python:python:*:*:*:*:*:*:*:* versions from (including) 3.14.0 up to (excluding) 3.14.4 *cpe:2.3:a:python:python:3.15.0:alpha3:*:*:*:*:*:* *cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:* *cpe:2.3:a:python:python:3.15.0:alpha5:*:*:*:*:*:* *cpe:2.3:a:python:python:3.15.0:alpha6:*:*:*:*:*:* *cpe:2.3:a:python:python:3.15.0:alpha7:*:*:*:*:*:* Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932 Types: Patch Added Reference Type CVE: http://www.openwall.com/lists/oss-security/2026/03/20/1 Types: Mailing List, Third Party Advisory Added Reference Type Python Software Foundation: https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03 Types: Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/issues/143930 Types: Issue Tracking, Patch Added Reference Type Python Software Foundation: https://github.com/python/cpython/pull/143931 Types: Issue Tracking, Patch Added Reference Type Python Software Foundation: https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ Types: Vendor Advisory -
CVE Modified by [email protected]
Apr. 07, 2026
Action Type Old Value New Value Added Reference https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd Added Reference https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e Added Reference https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1 Added Reference https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4 Added Reference https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c Added Reference https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932 -
CVE Modified by [email protected]
Mar. 25, 2026
Action Type Old Value New Value Added Reference https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Mar. 25, 2026
Action Type Old Value New Value Added CWE CWE-20 -
CVE Modified by [email protected]
Mar. 24, 2026
Action Type Old Value New Value Added Reference https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866 Added Reference https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b Added Reference https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76 Added Reference https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5 Added Reference https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03 -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Mar. 20, 2026
Action Type Old Value New Value Added Reference http://www.openwall.com/lists/oss-security/2026/03/20/1 -
CVE Modified by [email protected]
Mar. 20, 2026
Action Type Old Value New Value Added CVSS V4.0 AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Removed CVSS V4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X -
New CVE Received by [email protected]
Mar. 20, 2026
Action Type Old Value New Value Added Description The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open(). Added CVSS V4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added Reference https://github.com/python/cpython/issues/143930 Added Reference https://github.com/python/cpython/pull/143931 Added Reference https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/