CVE-2026-4519

Published March 20th, 2026

View on NVD ↗

CVSS v3

3.3

LOW

CVSS v2

N/A

Affected

PROJECT

Description

The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to webbrowser.open().

python/cpython

The Python programming language

GitHub

73.4K