CVE Vulnerability Details: CVE-2026-7246
Status: PUBLISHED
Assigner: certcc
Assigner Org ID: 37e5125f-f79b-445b-8fad-9564f167944b
Published At: 30 Apr, 2026 | 13:16
Updated At: 30 Jun, 2026 | 03:20
CVE Numbering Authority (CNA)
Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.

Affected Products
Vendor: Pallets Click
Product: Click
Versions:
  • Affected: from 0 before 8.3.3 (custom)
Problem Types
Type: N/A
CWE ID: N/A
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
References
Hyperlink: https://github.com/pallets/click/releases/tag/8.3.3
Resource: N/A
Hyperlink: https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw
Resource: N/A
Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-77
Description: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Metrics
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
References
Hyperlink: https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw
Resource: exploit
2. github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit() function, allows an attacker with an unprivileged account to execute arbitrary operating system (OS) commands. This could lead to unauthorized control over the affected system.

Affected Products

Vendor: Red Hat, Inc.
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 10
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.6::el10
  • cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
Default Status: affected

Vendor: Red Hat, Inc.
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 8
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8
  • cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
Default Status: affected

Vendor: Red Hat, Inc.
Product: Red Hat Ansible Automation Platform 2.5 for RHEL 9
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.5::el9
  • cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9
  • cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Default Status: affected

Vendor: Red Hat, Inc.
Product: Red Hat Ansible Automation Platform 2.6 for RHEL 9
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2.6::el9
  • cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9
  • cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
Default Status: affected

Vendor: Red Hat, Inc.
Product: Red Hat Ansible Automation Platform 2
CPEs:
  • cpe:/a:redhat:ansible_automation_platform:2
Default Status: unaffected

Problem Types
Type: CWE
CWE ID: CWE-78
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value: Important
namespace: https://access.redhat.com/security/updates/classification/
Solutions

RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9

RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9

Timeline
Event: Reported to Red Hat.
Date: 2026-04-30 14:00:58
Event: Made public.
Date: 2026-04-30 13:16:44
References
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-7246
Resource: vdb-entry, x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2464121
Resource: issue-tracking, x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7246.json
Resource: x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:24762
Resource: vendor-advisory, x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:24761
Resource: vendor-advisory, x_refsource_REDHAT