CVE-2026-4786

Published: Apr 14, 2026 Last Modified: Apr 14, 2026
HIGH 7.0
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

The mitigation of CVE-2026-4519 was incomplete. If the URL contained '%action', the mitigation could be bypassed for certain browser types, and the 'webbrowser.open()' API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score: 0.0002
Percentile: 0.1th

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Draft
Common Consequences
Security Scopes Affected:
Integrity, Confidentiality, Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML
https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56b…
https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03f…
https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f90574779467…
https://github.com/python/cpython/issues/148169
https://github.com/python/cpython/pull/148170
https://mail.python.org/archives/list/[email protected]/thread/JQDUN…