Low severity · 3.3 · NVD Advisory · Published Mar 20, 2026 · Updated Apr 16, 2026
CVE-2026-4519
Description
The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().
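One way to apply the sanitization recommended above, as an added example that is not code from the advisory or from CPython. The function names and the http/https allowlist are assumptions for illustration, and the policy is deliberately stricter than the leading-dash rejection the advisory describes.

```python
import webbrowser
from urllib.parse import urlsplit

# Assumption: this application only ever needs to open ordinary web links.
ALLOWED_SCHEMES = {"http", "https"}


def validate_browser_url(url: str) -> str:
    """Return url unchanged if it is safe to pass to webbrowser.open(), else raise ValueError."""
    if not isinstance(url, str) or not url:
        raise ValueError("URL must be a non-empty string")
    # Reject instead of stripping, so the string that was checked is the string that is passed on.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("URL contains whitespace or control characters")
    # The condition from the advisory: a leading dash may be read as a browser option.
    if url.startswith("-"):
        raise ValueError("URL starts with '-'")
    parts = urlsplit(url)  # may itself raise ValueError on malformed input
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError("URL scheme is not in the allowlist")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return url


def is_browser_safe(url: str) -> bool:
    """Boolean form of validate_browser_url(), for filtering untrusted input."""
    try:
        validate_browser_url(url)
    except ValueError:
        return False
    return True


def open_url_safely(url: str) -> bool:
    """Validate first, then delegate to the standard library."""
    return webbrowser.open(validate_browser_url(url))
```

Requiring an absolute URL with an allowlisted scheme covers the leading-dash case on unpatched interpreters as well, since any string that begins with a dash has no valid scheme.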
Affected products
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:* (range: <3.13.13)
- cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.15.0:alpha7:*:*:*:*:*:*
References
- github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd (nvd: Patch)
- github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866 (nvd: Patch)
- github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e (nvd: Patch)
- github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1 (nvd: Patch)
- github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b (nvd: Patch)
- github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4 (nvd: Patch)
- github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76 (nvd: Patch)
- github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c (nvd: Patch)
- github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5 (nvd: Patch)
- github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48 (nvd: Patch)
- github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932 (nvd: Patch)
- github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03 (nvd: Patch)
- github.com/python/cpython/issues/143930 (nvd: Issue Tracking, Patch)
- github.com/python/cpython/pull/143931 (nvd: Issue Tracking, Patch)
- www.openwall.com/lists/oss-security/2026/03/20/1 (nvd: Mailing List, Third Party Advisory)
- mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/ (nvd: Vendor Advisory)