CVE-2026-4519

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: local

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

The webbrowser.open() API would accept leading dashes in the URL which
could be handled as command line options for certain web browsers. New
behavior rejects leading dashes. Users are recommended to sanitize URLs
prior to passing to webbrowser.open().

https://github.com/python/cpython/issues/143930

https://github.com/python/cpython/pull/143931

https://mail.python.org/archives/list/security-announce@pyt…

https://mail.python.org/archives/list/[email protected]/thread/AY5ND…

CVE-2026-4519

Description

Iscriviti alla newsletter