Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fy55-615v-fyfs
Vulnerability ID VCID-fy55-615v-fyfs
Aliases CVE-2026-4786
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.4
Risk 3.2
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
System Score Found at
cvssv3 7.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2026-4786
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2026-4786
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2026-4786
epss 0.00021 https://api.first.org/data/v1/epss?cve=CVE-2026-4786
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4 7 https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
ssvc Track https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
cvssv4 7 https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
ssvc Track https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
cvssv4 7 https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
ssvc Track https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
cvssv4 7 https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
ssvc Track https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
cvssv4 7 https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
ssvc Track https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
cvssv4 7 https://github.com/python/cpython/issues/148169
ssvc Track https://github.com/python/cpython/issues/148169
cvssv4 7 https://github.com/python/cpython/pull/148170
ssvc Track https://github.com/python/cpython/pull/148170
cvssv4 7 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
ssvc Track https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json
https://api.first.org/data/v1/epss?cve=CVE-2026-4786
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
148169 https://github.com/python/cpython/issues/148169
148170 https://github.com/python/cpython/pull/148170
2458049 https://bugzilla.redhat.com/show_bug.cgi?id=2458049
28b4ad38067bbdad34edfcd03ad2de5f06387e53 https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
c5767a72838a8dda9d6dc5d3558075b055c56bca https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
d22922c8a7958353689dc4763dd72da2dea03fff https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
d6d68494be70bdbda20f89f83801ba52ec37daa4 https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
f4654824ae0850ac87227fb270f9057477946769 https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5 https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
RHSA-2026:10117 https://access.redhat.com/errata/RHSA-2026:10117
RHSA-2026:10140 https://access.redhat.com/errata/RHSA-2026:10140
RHSA-2026:10141 https://access.redhat.com/errata/RHSA-2026:10141
RHSA-2026:10711 https://access.redhat.com/errata/RHSA-2026:10711
RHSA-2026:10745 https://access.redhat.com/errata/RHSA-2026:10745
RHSA-2026:10774 https://access.redhat.com/errata/RHSA-2026:10774
RHSA-2026:10949 https://access.redhat.com/errata/RHSA-2026:10949
RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950
RHSA-2026:11062 https://access.redhat.com/errata/RHSA-2026:11062
RHSA-2026:11077 https://access.redhat.com/errata/RHSA-2026:11077
RHSA-2026:11768 https://access.redhat.com/errata/RHSA-2026:11768
RHSA-2026:13692 https://access.redhat.com/errata/RHSA-2026:13692
RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812
RHSA-2026:14652 https://access.redhat.com/errata/RHSA-2026:14652
RHSA-2026:14653 https://access.redhat.com/errata/RHSA-2026:14653
RHSA-2026:14656 https://access.redhat.com/errata/RHSA-2026:14656
RHSA-2026:16699 https://access.redhat.com/errata/RHSA-2026:16699
RHSA-2026:17525 https://access.redhat.com/errata/RHSA-2026:17525
RHSA-2026:17619 https://access.redhat.com/errata/RHSA-2026:17619
RHSA-2026:19019 https://access.redhat.com/errata/RHSA-2026:19019
RHSA-2026:19064 https://access.redhat.com/errata/RHSA-2026:19064
RHSA-2026:19175 https://access.redhat.com/errata/RHSA-2026:19175
RHSA-2026:19176 https://access.redhat.com/errata/RHSA-2026:19176
RHSA-2026:19177 https://access.redhat.com/errata/RHSA-2026:19177
RHSA-2026:19216 https://access.redhat.com/errata/RHSA-2026:19216
RHSA-2026:19549 https://access.redhat.com/errata/RHSA-2026:19549
RHSA-2026:19570 https://access.redhat.com/errata/RHSA-2026:19570
RHSA-2026:19571 https://access.redhat.com/errata/RHSA-2026:19571
RHSA-2026:19576 https://access.redhat.com/errata/RHSA-2026:19576
RHSA-2026:19589 https://access.redhat.com/errata/RHSA-2026:19589
RHSA-2026:19590 https://access.redhat.com/errata/RHSA-2026:19590
RHSA-2026:21275 https://access.redhat.com/errata/RHSA-2026:21275
RHSA-2026:21682 https://access.redhat.com/errata/RHSA-2026:21682
RHSA-2026:22144 https://access.redhat.com/errata/RHSA-2026:22144
RHSA-2026:25096 https://access.redhat.com/errata/RHSA-2026:25096
RHSA-2026:8822 https://access.redhat.com/errata/RHSA-2026:8822
RHSA-2026:8824 https://access.redhat.com/errata/RHSA-2026:8824
RHSA-2026:9228 https://access.redhat.com/errata/RHSA-2026:9228
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4786.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/commit/28b4ad38067bbdad34edfcd03ad2de5f06387e53
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/commit/c5767a72838a8dda9d6dc5d3558075b055c56bca
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/commit/d22922c8a7958353689dc4763dd72da2dea03fff
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/commit/d6d68494be70bdbda20f89f83801ba52ec37daa4
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/commit/f4654824ae0850ac87227fb270f9057477946769
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/issues/148169
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/issues/148169
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://github.com/python/cpython/pull/148170
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://github.com/python/cpython/pull/148170
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T13:43:47Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/
Exploit Prediction Scoring System (EPSS)
Percentile 0.06224
EPSS Score 0.00021
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:14:56.284605+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0