The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended t

Description

An attacker can exploit a vulnerability in Python to execute arbitrary program code.

Vendor	Product	Versions
Python	Python	—

Tier B

BSI Advisories21h ago

→ No new info (linked only)

Tier A

Microsoft MSRC2d ago

→ No new info (linked only)

Tier B

CERT-FR4d ago

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-20

Published3/20/2026

Last enriched2h agov3

Trending Score55

Source articles3

Independent3

Info Completeness7/14

Missing: versions, cvss, epss, kev, patch, iocs, mitre_attack

0 upvotes0 downvotes

No votes yet

State: verified

Confidence: 100%

Last enriched 2h ago

v3Tier B2h ago

Updated description to include arbitrary code execution and changed severity to HIGH.

descriptionseverityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier B10h ago

Added vendor and product as Python, updated severity to HIGH, and marked exploit as available and actively exploited.

vendorproduct

via BSI Advisories

v111h ago

Initial creation