CVE-2026-4786

HIGH

BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()

Details

CVSS v3: 7.0
CVSS v4: 7.0
NVD published: 2026-04-13 22:16:30
EPSS: <0.1% probability · 3.0th percentile — 2026-04-17
Affected versions: Not available in our cache.
Summary: Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.