CPython: Mehrere Schwachstellen
Python ist eine universelle, üblicherweise interpretierte, höhere Programmiersprache.
AI Analysis
Technical Summary
This advisory covers two security vulnerabilities in python3 on Red Hat Enterprise Linux 8.4. CVE-2026-6100 involves a use-after-free flaw in decompression modules that may allow arbitrary code execution or information disclosure. CVE-2026-4786 is a command injection vulnerability in the webbrowser.open() API that could lead to arbitrary code execution. Red Hat has released updated python3 packages to address these issues. The vulnerabilities are classified under CWE-88 (Injection) and CWE-825 (Use After Free). No CVSS scores are provided in the advisory, but the severity is rated as important (high).
Potential Impact
Successful exploitation of CVE-2026-6100 could allow an attacker to execute arbitrary code or disclose sensitive information due to a use-after-free vulnerability in decompression modules. CVE-2026-4786 could enable arbitrary code execution through command injection in the webbrowser.open() API. These impacts could compromise system integrity and confidentiality on affected Red Hat Enterprise Linux 8.4 systems running vulnerable python3 versions. There are no known active exploits in the wild.
Mitigation Recommendations
Red Hat has released updated python3 packages for Red Hat Enterprise Linux 8.4 that address these vulnerabilities. Users should apply the official security update as described in the Red Hat advisory RHSA-2026:19590 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Patch status is confirmed as fixed by the vendor. No additional mitigation steps are indicated by Red Hat.
CPython: Mehrere Schwachstellen
Description
Python ist eine universelle, üblicherweise interpretierte, höhere Programmiersprache.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security vulnerabilities in python3 on Red Hat Enterprise Linux 8.4. CVE-2026-6100 involves a use-after-free flaw in decompression modules that may allow arbitrary code execution or information disclosure. CVE-2026-4786 is a command injection vulnerability in the webbrowser.open() API that could lead to arbitrary code execution. Red Hat has released updated python3 packages to address these issues. The vulnerabilities are classified under CWE-88 (Injection) and CWE-825 (Use After Free). No CVSS scores are provided in the advisory, but the severity is rated as important (high).
Potential Impact
Successful exploitation of CVE-2026-6100 could allow an attacker to execute arbitrary code or disclose sensitive information due to a use-after-free vulnerability in decompression modules. CVE-2026-4786 could enable arbitrary code execution through command injection in the webbrowser.open() API. These impacts could compromise system integrity and confidentiality on affected Red Hat Enterprise Linux 8.4 systems running vulnerable python3 versions. There are no known active exploits in the wild.
Mitigation Recommendations
Red Hat has released updated python3 packages for Red Hat Enterprise Linux 8.4 that address these vulnerabilities. Users should apply the official security update as described in the Red Hat advisory RHSA-2026:19590 and the referenced article https://access.redhat.com/articles/11258 to remediate these issues. Patch status is confirmed as fixed by the vendor. No additional mitigation steps are indicated by Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:19590
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-6100"]
- Cvss Version
- null
Threat ID: 6a175eeee29bf47b50edca04
Added to database: 5/27/2026, 9:15:26 PM
Last enriched: 5/27/2026, 9:21:35 PM
Last updated: 5/29/2026, 7:51:55 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.