HIGH🇬🇧 English

CVE-2026-7246

CVSS 7.2v3.1pub. 2026-04-30upd. 2026-06-30

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
  • Palletsprojects Click

    APP
    Palletsprojects
    < 8.3.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2022-29361CRITICAL9.8ten sam vendor

Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Reques...

CVE-2024-34069HIGH7.5ten sam vendor

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can al...

CVE-2023-46136HIGH8.0ten sam vendor

Werkzeug is a comprehensive WSGI web application library. In versions on the 3.x branch prior to 3.0.1 and on ...

CVE-2023-30861HIGH7.5ten sam vendor

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a respons...

CVE-2023-25577HIGH7.5ten sam vendor

Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form da...